Trojan Win32 : VB-EIK, => rapport Hijack this

Merci ;) oué y'as pas de soucis, il m'as l'air méchamment calé sur le sujet :O

t'inkiètes ;)

c'est une "vieille" infection (Trojan.DNSChanger) qui n'existe plus depuis pas mal de temps (voir paragraphe Trojan.DNSChanger : https://forum.malekal.com/viewtopic.php?t=11252&start= ).
Juste que c'est un peu hallucinant de voir que tu as ces DNS malicieux.

Oui débranche ton disque dur externe.

Rah, une fois que la barre de progression est remplie, il crash sans prévenir :/

C'est bizzard, j'ai supprimé NOD il y a longtemps... Je file l'exterminer dans C:\

ComboFix 10-11-16.06 - NICOLAS 17/11/2010 16:34:42.1.1 - x86
Microsoft® Windows Vista(TM) Édition Intégrale 6.0.6001.1.1252.33.1036.18.2815.1145 [GMT 1:00]
Lancé depuis: c:\users\NICOLAS\Desktop\ComboFix.exe
AV: ESET NOD32 antivirus system 0.0 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\program files\Spyware Cease
c:\program files\Spyware Cease\AutoUpdate.exe
c:\program files\Spyware Cease\bmgac
c:\program files\Spyware Cease\dxddd
c:\program files\Spyware Cease\hrdb.hrl
c:\program files\Spyware Cease\idamx
c:\program files\Spyware Cease\iflee
c:\program files\Spyware Cease\LSR.lsr
c:\program files\Spyware Cease\md5.dll
c:\program files\Spyware Cease\mtools.dll
c:\program files\Spyware Cease\networkdll.dll
c:\program files\Spyware Cease\opfile.dll
c:\program files\Spyware Cease\QAreaDLL.dll
c:\program files\Spyware Cease\RkHitApi.dll
c:\program files\Spyware Cease\SCHelper.exe
c:\program files\Spyware Cease\sctdll.dll
c:\program files\Spyware Cease\spkdll.dll
c:\program files\Spyware Cease\SpywareCease.chm
c:\program files\Spyware Cease\SpywareCease.exe
c:\program files\Spyware Cease\SpywareCease.url
c:\program files\Spyware Cease\tmp5
c:\program files\Spyware Cease\udefend.dll
c:\program files\Spyware Cease\unins000.dat
c:\program files\Spyware Cease\unins000.exe
c:\program files\Spyware Cease\update\Update.ini
c:\program files\Spyware Cease\update\uplist.up
c:\program files\Spyware Cease\update1
c:\program files\Spyware Cease\update2
c:\program files\Spyware Cease\update3
c:\program files\Spyware Cease\ussafe.dll
c:\program files\Spyware Cease\vf
c:\program files\Spyware Cease\xxcum
c:\program files\Spyware Cease\zlib1.dll
c:\programdata\Microsoft\Windows\Start Menu\Programs\Spyware Cease
c:\programdata\Microsoft\Windows\Start Menu\Programs\Spyware Cease\Spyware Cease on the Web.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Spyware Cease\Spyware Cease.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Spyware Cease\Uninstall Spyware Cease.lnk
c:\users\NICOLAS\AppData\Local\cmoiuui.dat
c:\users\NICOLAS\AppData\Local\cmoiuui_nav.dat
c:\users\NICOLAS\AppData\Local\cmoiuui_navps.dat
c:\users\NICOLAS\AppData\Roaming\addons.dat
c:\users\NICOLAS\AppData\Roaming\Bifrost
c:\users\NICOLAS\AppData\Roaming\Bifrost\klog.dat
c:\windows\system32\drivers\RKHit.sys
c:\windows\system32\gxvxccounter
D:\Autorun.inf
D:\install.exe

----- Cloneurs de fichier -----

c:\program files\Common Files\France Telecom\Shared Modules\AlertModule\0\Uninstall\Shell.exe
c:\program files\Common Files\France Telecom\Shared Modules\Autodial\0\Uninstall\Shell.exe
c:\program files\Common Files\France Telecom\Shared Modules\FTCOMModule\0\Uninstall\Shell.exe
c:\program files\Common Files\France Telecom\Shared Modules\FTRTSVC\0\Uninstall\Shell.exe
c:\program files\Common Files\France Telecom\Shared Modules\FTServiceProvider\0\Uninstall\Shell.exe
c:\program files\Common Files\France Telecom\Shared Modules\PTPCommunication\0\Uninstall\Shell.exe
c:\program files\OrangeHSS\Installation\Core\Shell.exe
c:\program files\OrangeHSS\Launcher\Shell.exe
c:\program files\OrangeHSS\Uninstall\AlertModule\Shell.exe
c:\program files\OrangeHSS\Uninstall\Autodial\Shell.exe
c:\program files\OrangeHSS\Uninstall\Bas_Debit_CustoUpdate\Shell.exe
c:\program files\OrangeHSS\Uninstall\Connectivity\Shell.exe
c:\program files\OrangeHSS\Uninstall\Connectivity_Corecom\Shell.exe
c:\program files\OrangeHSS\Uninstall\Connectivity_Corecom_PCausaRawether55\Shell.exe
c:\program files\OrangeHSS\Uninstall\Extractor\Shell.exe
c:\program files\OrangeHSS\Uninstall\Fin\Shell.exe
c:\program files\OrangeHSS\Uninstall\FTCOMModule\Shell.exe
c:\program files\OrangeHSS\Uninstall\FTRTSVC\Shell.exe
c:\program files\OrangeHSS\Uninstall\FTServiceProvider\Shell.exe
c:\program files\OrangeHSS\Uninstall\HNMClient\Shell.exe
c:\program files\OrangeHSS\Uninstall\InfoDisplay\Shell.exe
c:\program files\OrangeHSS\Uninstall\InfoDisplay_DispAbout\Shell.exe
c:\program files\OrangeHSS\Uninstall\InfoDisplay_DispDiagnosis\Shell.exe
c:\program files\OrangeHSS\Uninstall\KillSuite\Shell.exe
c:\program files\OrangeHSS\Uninstall\Launcher\Shell.exe
c:\program files\OrangeHSS\Uninstall\Launcher_ConnectivitySettings\Shell.exe
c:\program files\OrangeHSS\Uninstall\Launcher_HelpFactory\Shell.exe
c:\program files\OrangeHSS\Uninstall\Launcher_HelpFiles\Shell.exe
c:\program files\OrangeHSS\Uninstall\Launcher_Inactivity\Shell.exe
c:\program files\OrangeHSS\Uninstall\Launcher_PollingModule\Shell.exe
c:\program files\OrangeHSS\Uninstall\launcher_PromptManager\Shell.exe
c:\program files\OrangeHSS\Uninstall\Launcher_Settings\Shell.exe
c:\program files\OrangeHSS\Uninstall\Launcher_Toaster\Shell.exe
c:\program files\OrangeHSS\Uninstall\launcher_Update\Shell.exe
c:\program files\OrangeHSS\Uninstall\Launcher_WOO_Identity\Shell.exe
c:\program files\OrangeHSS\Uninstall\Livebox_CustoUpdate\Shell.exe
c:\program files\OrangeHSS\Uninstall\LiveboxUtilities\Shell.exe
c:\program files\OrangeHSS\Uninstall\MICSequencer\Shell.exe
c:\program files\OrangeHSS\Uninstall\MICSequencer_FirstLaunch\Shell.exe
c:\program files\OrangeHSS\Uninstall\MigrationTool\Shell.exe
c:\program files\OrangeHSS\Uninstall\PTPCommunication\Shell.exe
c:\program files\OrangeHSS\Uninstall\SearchURLHook\Shell.exe
c:\program files\OrangeHSS\Uninstall\Splash\Shell.exe
c:\program files\OrangeHSS\Uninstall\Systray_WOO\Shell.exe
c:\program files\OrangeHSS\Uninstall\UninstallSuite\Shell.exe
c:\program files\OrangeHSS\Uninstall\Wancatcher\Shell.exe
c:\program files\OrangeHSS\Uninstall\Wifi_CustoUpdate\Shell.exe
.
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_gxvxcserv.sys
-------\Legacy_RKHIT
-------\Service_gxvxcserv.sys
-------\Service_RkHit
-------\Service_usnjsvc


((((((((((((((((((((((((((((( Fichiers créés du 2010-10-17 au 2010-11-17 ))))))))))))))))))))))))))))))))))))
.

2010-11-17 15:57 . 2010-11-17 15:57 -------- d-----w- C:\found.000
2010-11-17 15:53 . 2010-11-17 15:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-17 15:27 . 2010-11-17 15:29 -------- d-----w- C:\32788R22FWJFW
2010-11-17 13:38 . 2010-11-17 13:38 -------- d-----w- c:\program files\Trend Micro
2010-11-15 17:08 . 2010-11-15 17:08 13824 ----a-w- c:\windows\system32\gxvxcaqxtfhqointbfuqbuhfvrumervikxvis.dll
2010-11-14 21:12 . 2010-11-14 21:12 -------- d-----w- c:\program files\CCleaner
2010-11-14 12:57 . 2010-03-15 09:31 165376 ----a-w- c:\windows\system32\unrar.dll
2010-11-14 12:57 . 2010-01-17 15:18 151552 ----a-w- c:\windows\system32\ac3acm.acm
2010-11-14 12:57 . 2008-09-24 18:41 839680 ----a-w- c:\windows\system32\lameACM.acm
2010-11-14 12:57 . 2006-04-02 12:47 630784 ----a-w- c:\windows\system32\vp7vfw.dll
2010-11-14 12:57 . 2004-05-18 18:16 39936 ----a-w- c:\windows\system32\huffyuv.dll
2010-11-14 12:57 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2010-11-14 12:57 . 2010-10-18 08:00 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2010-11-14 12:57 . 2010-06-08 16:10 790528 ----a-w- c:\windows\system32\xvidcore.dll
2010-11-14 12:57 . 2010-06-08 16:10 134144 ----a-w- c:\windows\system32\xvidvfw.dll
2010-11-14 11:51 . 2010-11-17 13:51 40960 ------r- C:\Qoobox .scr
2010-11-14 11:51 . 2010-11-17 13:51 40960 ------r- C:\ComboFix .scr
2010-11-14 11:51 . 2010-11-17 13:51 40960 ------r- C:\32788R22FWJFW .scr
2010-11-13 12:14 . 2010-09-07 15:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-11-13 12:14 . 2010-09-07 15:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-11-13 12:14 . 2010-09-07 15:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-11-13 12:14 . 2010-09-07 15:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-11-13 12:14 . 2010-09-07 15:47 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-11-13 12:13 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
2010-11-13 12:13 . 2010-09-07 16:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-11-13 12:13 . 2010-11-13 12:13 -------- d-----w- c:\programdata\Alwil Software
2010-11-13 12:13 . 2010-11-13 12:13 -------- d-----w- c:\program files\Alwil Software
2010-11-13 10:56 . 2010-11-13 10:56 -------- d-sh--w- c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2010-11-12 17:50 . 2010-11-12 17:50 -------- d-----w- c:\users\NICOLAS\AppData\Local\Western_Digital
2010-11-12 17:49 . 2010-11-12 17:49 -------- d-----w- c:\users\NICOLAS\AppData\Roaming\Western Digital
2010-11-12 17:47 . 2010-11-12 17:47 -------- d-----w- c:\program files\Western Digital
2010-10-22 16:21 . 2010-10-22 16:21 -------- d-----w- c:\programdata\McAfee

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-19 17:59 . 2010-02-03 18:45 47104 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-02-27 3883856]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-05-09 321328]
"Steam"="c:\program files\steam\steam.exe" [2010-11-17 1242448]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-04-11 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-04-11 202240]
"Google Update"="c:\users\NICOLAS\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-10-22 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-12 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-12 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-12 81920]
"SystrayORAHSS"="c:\program files\OrangeHSS\Systray\SystrayApp.exe" [2006-12-12 90112]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-09-22 1011080]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2009-09-04 722288]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-9-4 2049344]
WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-9-4 8975680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ehTray.exe"=c:\windows\ehome\ehTray.exe
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"Flashget"=c:\program files\FlashGet\FlashGet.exe /min
"NeroFilterCheck"=c:\program files\Common Files\Nero\Lib\NeroCheck.exe
"PWRISOVM.EXE"=c:\program files\PowerISO\PWRISOVM.EXE
"SoundMan"=SOUNDMAN.EXE
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
R2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 135664]
R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2008-04-11 21504]
R3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\system32\Drivers\PCAMp50.sys [2006-11-28 28224]
R3 PsSdk31;PsSdk31;c:\windows\system32\Drivers\pssdk31.drv [2008-10-18 30272]
R3 PsSdkLBF;PsSdkLBF;c:\windows\system32\Drivers\pssdklbf.drv [2008-10-18 37440]
R3 SynasUSB;SynasUSB;c:\windows\system32\drivers\SynasUSB.sys [2007-10-24 23288]
R3 vsdatant7;vsdatant7;c:\windows\system32\drivers\vsdatant.win7.sys [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-11-08 717296]
S1 aswSP;aswSP; [x]
S1 DhaHelper;DhaHelper;c:\windows\system32\drivers\dhahelper.sys [2010-04-08 7168]
S1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-09-11 15424]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2009-09-04 25208]
S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2009-09-04 435568]
S2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [2009-06-25 185640]
S2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-09-04 98304]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]
S3 libusb0;LibUsb-Win32 - Kernel Driver 03/20/2007, 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [2009-07-07 28160]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
2008-04-11 15:23 38400 ----a-w- c:\windows\System32\SoundSchemes.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]
2008-06-18 14:04 8192 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contenu du dossier 'Tâches planifiées'

2010-11-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 15:24]

2010-11-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 15:24]

2010-11-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3870278675-146491242-3030291567-1000Core.job
- c:\users\NICOLAS\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-13 17:00]

2010-11-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3870278675-146491242-3030291567-1000UA.job
- c:\users\NICOLAS\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-13 17:00]
.
.
------- Examen supplémentaire -------
.
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: Tout télécharger avec Free Download Manager - file://d:\free download manager\dlall.htm
IE: Télécharger avec Free Download Manager - file://d:\free download manager\dllink.htm
IE: Télécharger la sélection avec Free Download Manager - file://d:\free download manager\dlselected.htm
IE: Télécharger la vidéo avec Free Download Manager - file://d:\free download manager\dlfvideo.htm
FF - ProfilePath - c:\users\NICOLAS\AppData\Roaming\Mozilla\Firefox\Profiles\021tm4te.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=fr&q=
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\users\NICOLAS\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\NICOLAS\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\NICOLAS\AppData\Roaming\Mozilla\Firefox\Profiles\021tm4te.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll

---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHELINS SUPPRIMES - - - -

WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKLM-Run-SpywareCease.exe - c:\program files\Spyware Cease\SpywareCease.exe
HKLM-Run-SCHelper.exe - c:\program files\Spyware Cease\SCHelper.exe
AddRemove-Halo CE - f:\jeu\Jeu PC pré-installés\Uninstal.exe
AddRemove-{ORAHSS}.Bas_Debit_CustoUpdate - c:\program files\OrangeHSS\Uninstall\Bas_Debit_CustoUpdate\Shell.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-17 17:02
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\PsSdk31]
"ImagePath"="\??\c:\windows\system32\Drivers\pssdk31.drv"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\PsSdkLBF]
"ImagePath"="\??\c:\windows\system32\Drivers\pssdklbf.drv"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\gxvxcserv.sys]
"imagepath"="\systemroot\system32\drivers\gxvxcpmiqptqidrubxcreekeossewcpgmwcmy.sys"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\gxvxcserv.sys]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=expand:"\\systemroot\\system32\\drivers\\gxvxcpmiqptqidrubxcreekeossewcpgmwcmy.sys"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'lsass.exe'(720)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

- - - - - - - > 'Explorer.exe'(1432)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\program files\WinSCP\DragExt.dll
c:\program files\ImTOO\iPod Computer Transfer\IPhoneExplorer.dll
c:\program files\ImTOO\iPod Computer Transfer\iTunesMobileDevice.dll
c:\program files\Common Files\Nero\Lib\MediaLibraryNSE.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\progra~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\Eset\nod32krn.exe
c:\windows\system32\conime.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\progra~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
c:\program files\Common Files\Steam\SteamService.exe
c:\users\NICOLAS\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\NICOLAS\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\NICOLAS\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\NICOLAS\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\NICOLAS\AppData\Local\Google\Chrome\Application\chrome.exe
c:\windows\system32\DllHost.exe
.
**************************************************************************
.
Heure de fin: 2010-11-17 17:12:23 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-11-17 16:12

Avant-CF: 25 353 220 096 octets libres
Après-CF: 26 723 274 752 octets libres

Current=2 Default=2 Failed=3 LastKnownGood=8 Sets=2,3,7,8
- - End Of File - - 38A7AA7A4855EB3140DDC30C0463B750

Rien d'annoncé sur TDSS