greemlins

ComboFix 10-01-20.06 - Jean Michel 24/01/2010 21:44:38.10.1 - x86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1014.669 [GMT 1:00] Lancé depuis: c:\documents and settings\Jean Michel\Bureau\ComboFix.exe Commutateurs utilisés :: c:\documents and settings\Jean Michel\Bureau\CFScript.txt AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} AV: ESET Smart Security 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0} FILE :: "c:\docume~1\JEANMI~1\LOCALS~1\Temp\gtermddo.sys" "c:\documents and settings\Jean Michel\Application Data\QUAD Utilities" "c:\documents and settings\Jean Michel\Local Settings\Application Data\Conduit" "c:\program files\Bonjour" . ((((((((((((((((((((((((((((( Fichiers créés du 2009-12-24 au 2010-01-24 )))))))))))))))))))))))))))))))))))) . 2010-01-23 14:04 . 2010-01-23 14:04 -------- d-----w- C:\tdsskiller 2010-01-23 11:58 . 2010-01-23 12:04 -------- d-----w- C:\Gmer 2010-01-22 17:19 . 2010-01-22 17:19 -------- d-----w- c:\program files\Fichiers communs\DivX Shared 2010-01-22 17:19 . 2010-01-22 17:19 -------- d-----w- c:\program files\DivX 2010-01-21 17:52 . 2010-01-21 17:52 -------- d-----w- c:\documents and settings\Jean Michel\Local Settings\Application Data\ESET 2010-01-20 18:59 . 2010-01-20 18:59 61440 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-26b58d07-n\decora-sse.dll 2010-01-20 18:59 . 2010-01-20 18:59 503808 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-26b58d07-n\msvcp71.dll 2010-01-20 18:59 . 2010-01-20 18:59 499712 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-26b58d07-n\jmc.dll 2010-01-20 18:59 . 2010-01-20 18:59 348160 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-26b58d07-n\msvcr71.dll 2010-01-20 18:59 . 2010-01-20 18:59 12800 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-26b58d07-n\decora-d3d.dll 2010-01-20 18:58 . 2010-01-20 18:58 -------- d-----w- c:\program files\Fichiers communs\Java 2010-01-20 18:58 . 2010-01-20 18:58 315392 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-5edfc046-n\jogl.dll 2010-01-20 18:58 . 2010-01-20 18:58 20480 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-5edfc046-n\jogl_awt.dll 2010-01-20 18:58 . 2010-01-20 18:58 114688 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-5edfc046-n\jogl_cg.dll 2010-01-20 18:58 . 2010-01-20 18:58 20480 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\Deployment\SystemCache\6.0\45\4f710eed-58e2e8a8-n\gluegen-rt.dll 2010-01-20 17:25 . 2010-01-20 17:38 -------- d-----w- C:\Ad-Remover 2010-01-20 16:09 . 2010-01-21 08:14 -------- d-----w- C:\ToolBar SD 2010-01-20 14:25 . 2010-01-20 15:27 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2010-01-20 14:25 . 2009-03-30 09:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys 2010-01-20 14:25 . 2009-02-13 11:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2010-01-20 14:25 . 2009-02-13 11:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2010-01-20 14:25 . 2010-01-20 14:25 -------- d-----w- c:\program files\Avira 2010-01-20 14:25 . 2010-01-20 14:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2010-01-20 12:01 . 2010-01-20 12:01 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Malwarebytes 2010-01-20 11:51 . 2010-01-20 11:51 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\Malwarebytes 2010-01-20 11:51 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-01-20 11:51 . 2010-01-20 11:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-01-20 11:51 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-01-20 11:51 . 2010-01-20 11:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-01-20 10:20 . 2010-01-20 10:20 -------- d-----w- c:\program files\CCleaner 2010-01-19 21:31 . 2010-01-19 21:31 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET 2010-01-19 09:20 . 2010-01-19 09:20 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\ESET 2010-01-19 09:18 . 2010-01-19 09:18 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET 2010-01-19 08:54 . 2010-01-19 13:42 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\QuickScan 2010-01-19 07:12 . 2010-01-19 09:18 -------- d-----w- c:\program files\ESET 2010-01-17 21:34 . 2010-01-18 11:08 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\The Path 2010-01-16 18:29 . 2010-01-16 19:10 -------- d-----w- c:\program files\Postal2STP 2010-01-16 15:55 . 2010-01-16 15:55 -------- d-----w- c:\windows\system32\wbem\Repository 2010-01-16 15:48 . 2010-01-20 15:10 -------- d-----w- c:\program files\RegCleaner 2010-01-16 15:29 . 2010-01-16 15:29 -------- d-----w- C:\ProgramData 2010-01-16 15:29 . 2010-01-16 15:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts 2010-01-16 15:13 . 2010-01-16 15:13 -------- d-----w- c:\program files\Intel Corporation 2010-01-14 23:20 . 2010-01-14 23:20 -------- d-----w- c:\program files\Micro Application 2010-01-13 23:01 . 2010-01-13 23:01 0 ----a-w- c:\windows\PowerReg.dat 2010-01-13 20:35 . 2010-01-13 20:35 -------- d-----w- c:\program files\Hobbyist Software 2010-01-13 10:55 . 2008-02-15 11:49 184320 ----a-w- c:\windows\system32\igfxres.dll 2010-01-12 20:45 . 2010-01-19 15:28 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\uTorrent 2010-01-12 19:57 . 2010-01-12 19:57 98304 ----a-w- c:\windows\system32\CmdLineExt.dll 2010-01-12 12:06 . 2010-01-12 12:06 -------- d-----w- c:\program files\WinSCP 2010-01-12 07:57 . 2010-01-12 08:01 3149032 ----a-w- c:\documents and settings\Jean Michel\Application Data\IDM\idmupdt.exe 2010-01-12 07:35 . 2010-01-14 12:50 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2010-01-12 07:35 . 2010-01-14 12:51 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedBit 2010-01-12 07:35 . 2010-01-14 12:51 -------- d-----w- c:\program files\DAP 2010-01-11 20:54 . 2010-01-11 21:14 -------- d-----w- c:\program files\Ludi 2010-01-11 18:06 . 2010-01-11 18:06 -------- d-----w- c:\program files\Lavalys 2010-01-11 16:47 . 2010-01-11 16:47 247296 ----a-w- c:\documents and settings\Jean Michel\Application Data\SystemRequirementsLab\SRLProxy_srl_4_0_11_0_d_ind.dll 2010-01-11 16:47 . 2010-01-11 16:47 247296 ----a-w- c:\documents and settings\Jean Michel\Application Data\SystemRequirementsLab\SRLProxy_srl_4_0_11_0_c_ind.dll 2010-01-11 16:47 . 2010-01-11 16:47 247296 ----a-w- c:\documents and settings\Jean Michel\Application Data\SystemRequirementsLab\SRLProxy_srl_4_0_11_0_b_ind.dll 2010-01-11 16:47 . 2010-01-11 16:47 247296 ----a-w- c:\documents and settings\Jean Michel\Application Data\SystemRequirementsLab\SRLProxy_srl_4_0_11_0_a_ind.dll 2010-01-11 13:15 . 2000-07-14 22:00 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL 2010-01-10 14:09 . 2008-04-14 03:05 14720 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys 2010-01-10 14:09 . 2008-04-14 03:05 14720 ----a-w- c:\windows\system32\drivers\kbdhid.sys 2010-01-10 12:20 . 2010-01-10 12:20 -------- d-----w- c:\program files\Hp 2010-01-10 12:20 . 2010-01-11 12:47 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\HpUpdate 2010-01-10 12:20 . 2010-01-10 12:20 -------- d-----w- c:\windows\Hewlett-Packard 2010-01-10 11:37 . 2010-01-10 11:37 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters 2010-01-10 11:17 . 2010-01-10 11:17 -------- d-----w- c:\windows\system32\Adobe 2010-01-10 09:39 . 2009-12-14 11:33 53248 ----a-w- c:\windows\system32\CSVer.dll 2010-01-10 01:20 . 2010-01-10 01:20 -------- d-----w- c:\program files\Driver-Soft 2010-01-09 23:57 . 2010-01-09 23:57 -------- d-----w- c:\program files\DAEMON Tools Lite 2010-01-09 23:57 . 2010-01-11 16:47 -------- d-----w- c:\program files\SystemRequirementsLab 2010-01-09 23:57 . 2010-01-11 16:47 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\SystemRequirementsLab 2010-01-09 23:56 . 2010-01-09 23:56 -------- d-----w- c:\windows\Sun 2010-01-09 23:16 . 2010-01-09 23:16 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\igraal 2010-01-09 22:26 . 2010-01-10 14:15 -------- d-----w- c:\program files\Intel 2010-01-09 22:22 . 2010-01-09 22:22 -------- d-----w- C:\Intel 2010-01-09 21:03 . 2010-01-09 21:03 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\QUAD Utilities 2010-01-09 20:13 . 2010-01-09 23:59 -------- d-----w- C:\dxupdate 2010-01-09 12:19 . 2010-01-09 23:25 -------- d-----w- c:\windows\Logs 2010-01-09 11:50 . 2010-01-09 11:50 -------- d-----w- c:\program files\Microids 2010-01-08 20:55 . 2010-01-08 20:55 -------- d-----w- c:\documents and settings\Jean Michel\Local Settings\Application Data\Conduit 2010-01-08 20:55 . 2010-01-08 20:55 -------- d-----w- c:\program files\Alcohol Soft 2010-01-08 17:42 . 2010-01-17 16:27 -------- d-----w- c:\program files\Ubisoft 2010-01-08 17:41 . 2010-01-12 19:00 -------- d-----w- c:\program files\Fichiers communs\InstallShield 2010-01-08 16:14 . 2010-01-08 16:14 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\Uniblue 2010-01-08 16:11 . 2010-01-08 16:11 691696 ----a-w- c:\windows\system32\drivers\sptd.sys 2010-01-08 16:10 . 2010-01-09 23:57 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\DAEMON Tools Lite 2010-01-08 16:10 . 2010-01-08 16:10 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite 2010-01-08 11:14 . 2010-01-08 11:14 138240 ----a-w- c:\documents and settings\Jean Michel\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_d.dll 2010-01-08 11:14 . 2010-01-08 11:14 138240 ----a-w- c:\documents and settings\Jean Michel\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_c.dll 2010-01-08 11:14 . 2010-01-08 11:14 138240 ----a-w- c:\documents and settings\Jean Michel\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_b.dll 2010-01-08 11:14 . 2010-01-08 11:14 138240 ----a-w- c:\documents and settings\Jean Michel\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_a.dll 2010-01-06 11:19 . 2010-01-06 11:19 198064 ----a-w- c:\documents and settings\Jean Michel\Application Data\IDM\idmmzcc3\components\idmmzcc.dll 2010-01-06 11:18 . 2010-01-12 08:03 -------- d-----w- c:\program files\Internet Download Manager . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2010-01-24 20:31 . 2009-08-20 07:40 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\DMCache 2010-01-24 18:47 . 2004-08-10 12:00 585390 ----a-w- c:\windows\system32\perfh00C.dat 2010-01-24 18:47 . 2004-08-10 12:00 124776 ----a-w- c:\windows\system32\perfc00C.dat 2010-01-24 16:39 . 2009-12-10 08:56 -------- d-----w- c:\program files\Bonjour 2010-01-24 00:20 . 2009-08-08 17:09 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\vlc 2010-01-22 08:57 . 2009-12-21 08:09 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\IDM 2010-01-21 06:16 . 2009-12-10 10:56 -------- d-----w- c:\program files\Microsoft Silverlight 2010-01-20 18:58 . 2009-12-18 05:40 -------- d-----w- c:\program files\Java 2010-01-17 16:38 . 2009-12-20 08:26 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-01-16 20:05 . 2009-08-20 08:07 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\dvdcss 2010-01-14 00:00 . 2009-09-03 17:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2010-01-10 20:16 . 2009-12-20 09:09 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll 2010-01-10 12:23 . 2009-08-10 13:32 664 ----a-w- c:\windows\system32\d3d9caps.dat 2010-01-09 23:58 . 2009-08-09 06:57 -------- d-----w- c:\program files\ma-config.com 2010-01-09 23:58 . 2009-08-09 06:57 -------- d-----w- c:\documents and settings\All Users\Application Data\ma-config.com 2010-01-09 23:56 . 2009-09-03 17:59 -------- d-----w- c:\program files\Microsoft Works 2010-01-09 23:56 . 2009-08-08 17:11 -------- d-----w- c:\program files\AIDA32 - Personal System Information 2010-01-06 09:27 . 2009-08-08 17:00 70016 ----a-w- c:\documents and settings\Jean Michel\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-12-22 05:09 . 2006-03-04 03:35 671232 ------w- c:\windows\system32\wininet.dll 2009-12-22 05:08 . 2004-08-10 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll 2009-12-18 07:45 . 2009-12-18 07:45 161 ----a-w- C:\ipodpos.dll 2009-12-18 05:40 . 2009-12-18 05:40 152576 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\jre1.6.0_17\lzma.dll 2009-12-18 05:38 . 2009-12-18 05:38 79488 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll 2009-12-17 16:14 . 2009-12-18 05:41 411368 ----a-w- c:\windows\system32\deploytk.dll 2009-12-17 15:13 . 2009-12-17 15:13 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\GHISLER 2009-12-17 12:42 . 2009-12-17 12:42 25214 ----a-r- c:\documents and settings\Jean Michel\Application Data\Microsoft\Installer\{495B6040-801F-474C-ADB8-309F132CF5F9}\_29D232B856F0A1CBA486B8.exe 2009-12-17 12:42 . 2009-12-17 12:42 10398 ----a-r- c:\documents and settings\Jean Michel\Application Data\Microsoft\Installer\{495B6040-801F-474C-ADB8-309F132CF5F9}\_3324690356DD71877A1B6A.exe 2009-12-17 12:42 . 2009-12-17 12:42 -------- d-----w- c:\program files\iPhoneBrowser 2009-12-17 12:40 . 2009-12-17 12:40 -------- d-----w- c:\program files\iPhone Tunnel Suite 2.7 BETA 2009-12-17 12:18 . 2009-12-16 05:12 -------- d-----w- c:\program files\Pod to PC 2009-12-16 05:31 . 2009-12-16 05:31 -------- d-----w- c:\program files\iPhone Explorer 2009-12-14 06:49 . 2009-12-14 06:49 -------- d-----w- c:\program files\Windows Media Connect 2 2009-12-14 05:26 . 2009-08-09 07:18 -------- d-----w- c:\program files\Messenger Plus! Live 2009-12-11 19:32 . 2009-12-10 08:57 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\Apple Computer 2009-12-10 13:32 . 2009-08-20 14:09 -------- d-----w- c:\program files\Webtarot 2009-12-10 12:36 . 2004-08-10 12:00 219648 ----a-w- c:\windows\system32\uxtheme.dll 2009-12-10 11:49 . 2009-12-10 11:49 -------- d-----w- c:\program files\Fichiers communs\Adobe 2009-12-10 10:56 . 2009-12-10 10:54 -------- d-----w- c:\program files\Microsoft 2009-12-10 10:56 . 2009-08-09 07:14 -------- d-----w- c:\program files\Windows Live 2009-12-10 10:55 . 2009-12-10 10:55 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition 2009-12-10 09:01 . 2009-12-10 09:01 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_netaapl_01005.Wdf 2009-12-10 09:01 . 2009-12-10 09:01 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf 2009-12-10 08:59 . 2009-12-10 08:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple 2009-12-10 08:57 . 2009-12-10 08:56 -------- d-----w- c:\program files\iTunes 2009-12-10 08:57 . 2009-12-10 08:56 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} 2009-12-10 08:56 . 2009-12-10 08:56 -------- d-----w- c:\program files\iPod 2009-12-10 08:56 . 2009-12-10 08:54 -------- d-----w- c:\program files\Fichiers communs\Apple 2009-12-10 08:56 . 2009-12-10 08:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer 2009-12-10 08:56 . 2009-12-10 08:55 -------- d-----w- c:\program files\QuickTime 2009-12-10 08:55 . 2009-12-10 08:55 -------- d-----w- c:\program files\Apple Software Update 2009-12-09 16:11 . 2009-11-01 08:41 -------- d-----w- c:\program files\OrangeHSS 2009-11-21 15:58 . 2004-08-10 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll . ((((((((((((((((((((((((((((( SnapShot@2010-01-23_12.34.49 ))))))))))))))))))))))))))))))))))))))))) . + 2010-01-24 20:50 . 2010-01-24 20:50 16384 c:\windows\temp\Perflib_Perfdata_318.dat + 2004-08-10 12:00 . 2010-01-24 18:47 492176 c:\windows\system32\perfh009.dat + 2004-08-10 12:00 . 2010-01-24 18:47 102106 c:\windows\system32\perfc009.dat + 2006-03-04 03:35 . 2009-12-22 05:09 671232 c:\windows\system32\dllcache\wininet.dll - 2006-03-04 03:35 . 2009-10-29 05:25 671232 c:\windows\system32\dllcache\wininet.dll + 2006-03-23 17:35 . 2009-12-22 05:09 3092480 c:\windows\system32\mshtml.dll + 2006-03-23 17:35 . 2009-12-22 05:09 3092480 c:\windows\system32\dllcache\mshtml.dll + 2004-08-10 12:00 . 2008-04-14 02:34 1037824 c:\windows\system32\dllcache\explorer.exe + 2004-08-10 12:00 . 2008-04-14 02:34 1037824 c:\windows\explorer.exe . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "lxdrmon.exe"="c:\program files\Lexmark 4900 Series\lxdrmon.exe" [2008-05-21 676520] "EzPrint"="c:\program files\Lexmark 4900 Series\ezprint.exe" [2008-05-21 131752] "ORAHSSSessionManager"="c:\program files\OrangeHSS\SessionManager\SessionManager.exe" [2007-12-12 107248] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696] "Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288] "SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-01-11 246504] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount] 2009-04-24 03:16 203928 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt] 2009-03-02 12:08 209153 ----a-w- c:\program files\Avira\AntiVir Desktop\avgnt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] 2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui] 2008-10-24 20:50 1451264 ----a-w- c:\program files\ESET\ESET Smart Security\egui.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2008-04-14 02:34 1695232 ------w- c:\program files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2007-03-09 16:53 153136 ----a-w- c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "ekrn"=2 (0x2) "EhttpSrv"=3 (0x3) "AntiVirService"=2 (0x2) "AntiVirSchedulerService"=2 (0x2) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\WINDOWS\\system32\\lxdrcoms.exe"= "c:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\iPhone Tunnel Suite 2.7 BETA\\iTunnel\\iTunnel.exe"= "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"= R2 lxdr_device;lxdr_device;c:\windows\system32\lxdrcoms.exe -service --> c:\windows\system32\lxdrcoms.exe -service [?] S3 gtermddo;gtermddo;\??\c:\docume~1\JEANMI~1\LOCALS~1\Temp\gtermddo.sys --> c:\docume~1\JEANMI~1\LOCALS~1\Temp\gtermddo.sys [?] S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [17/12/2009 19:00 243056] S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [10/12/2009 09:54 17408] S4 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [20/01/2010 15:25 108289] S4 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [21/12/2007 09:21 468224] S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [08/01/2010 17:11 691696] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://google.fr/ mWindow Title = uInternet Settings,ProxyOverride = *.local IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: Télécharger avec IDM - c:\program files\Internet Download Manager\IEExt.htm IE: Télécharger le contenu de video FLV avec IDM - c:\program files\Internet Download Manager\IEGetVL.htm IE: Télécharger tous les liens avec IDM - c:\program files\Internet Download Manager\IEGetAll.htm Trusted Zone: mappy.com Trusted Zone: orange.fr Trusted Zone: voila.fr\rw.search.ke Trusted Zone: weborama.fr\orange FF - ProfilePath - c:\documents and settings\Jean Michel\Application Data\Mozilla\Firefox\Profiles\pamoq8in.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q= FF - prefs.js: browser.search.selectedEngine - Fast Browser Search FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=19&tid={A089A227-7EF1-C52E-39D8-DDA53E68E3DF}&q= FF - component: c:\documents and settings\Jean Michel\Application Data\IDM\idmmzcc3\components\idmmzcc.dll FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPOP7PlugIn.dll ---- PARAMETRES FIREFOX ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-01-24 21:50 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x865E7150]<< kernel: MBR read successfully detected MBR rootkit hooks: \Driver\Disk -> CLASSPNP.SYS @ 0xf7602f28 \Driver\ACPI -> ACPI.sys @ 0xf7474cb8 \Driver\atapi -> atapi.sys @ 0xf73f4852 \Driver\iaStor -> 0x865e7150 IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022 ParseProcedure -> ntkrnlpa.exe @ 0x80577c84 \Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022 ParseProcedure -> ntkrnlpa.exe @ 0x80577c84 NDIS: Carte réseau Fast Ethernet PCI Realtek RTL8139 Family -> SendCompleteHandler -> NDIS.sys @ 0xf720fbd4 PacketIndicateHandler -> NDIS.sys @ 0xf71fda0d SendHandler -> NDIS.sys @ 0xf7211b40 Warning: possible MBR rootkit infection ! user & kernel MBR OK ************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}] @Denied: (Full) (Everyone) "scansk"=hex(0):84,40,8c,45,6e,07,ad,4e,5e,50,66,e5,4e,a1,14,b5,15,c9,3d,34,9a, a3,b3,f4,1d,6c,fc,e7,3e,f5,c4,3a,fa,0d,63,14,87,17,41,38,00,00,00,00,00,00,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8b9f29eb-a9bc-4695-97ad-7603c028e8b0}] @Denied: (Full) (Everyone) "Model"=dword:00000130 "Therad"=dword:00000020 "MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26, 38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\ . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(1452) c:\windows\system32\SETUPAPI.dll c:\windows\system32\sfc_os.dll c:\windows\system32\cscui.dll c:\windows\system32\COMRes.dll - - - - - - - > 'lsass.exe'(1540) c:\windows\system32\setupapi.dll c:\windows\system32\scecli.dll c:\windows\system32\psbase.dll - - - - - - - > 'explorer.exe'(2024) c:\windows\system32\COMRes.dll c:\windows\System32\cscui.dll c:\windows\system32\msi.dll c:\windows\system32\SETUPAPI.dll c:\windows\system32\NETSHELL.dll c:\windows\system32\credui.dll c:\windows\system32\eappprxy.dll c:\windows\system32\WPDShServiceObj.dll c:\program files\WinSCP\DragExt.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Autres processus actifs ------------------------ . c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\windows\eHome\ehRecvr.exe c:\windows\eHome\ehSched.exe c:\progra~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\lxdrcoms.exe c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe c:\windows\ehome\mcrdsvc.exe c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe c:\windows\system32\dllhost.exe c:\windows\system32\igfxsrvc.exe c:\program files\Fichiers communs\Ahead\Lib\NMIndexingService.exe c:\program files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe c:\program files\iPod\bin\iPodService.exe c:\windows\system32\wbem\wmiapsrv.exe . ************************************************************************** . Heure de fin: 2010-01-24 21:55:22 - La machine a redémarré ComboFix-quarantined-files.txt 2010-01-24 20:55 ComboFix2.txt 2010-01-24 18:53 ComboFix3.txt 2010-01-24 16:44 ComboFix4.txt 2010-01-23 15:06 ComboFix5.txt 2010-01-24 20:39 Avant-CF: 25 226 555 392 octets libres Après-CF: 25 193 287 680 octets libres - - End Of File - - F9FA3A3392CDC68F3AEDEF64FA0FA6FF

rapport combo: j'en peux plus de ce rootkit.... ComboFix 10-01-20.06 - Jean Michel 24/01/2010 19:42:55.9.1 - x86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1014.668 [GMT 1:00] Lancé depuis: c:\documents and settings\Jean Michel\Bureau\ComboFix.exe Commutateurs utilisés :: c:\documents and settings\Jean Michel\Bureau\CFScript.txt AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0} FILE :: "c:\docume~1\JEANMI~1\LOCALS~1\Temp\gtermddo.sys" "c:\documents and settings\Jean Michel\Application Data\QUAD Utilities" "c:\documents and settings\Jean Michel\Local Settings\Application Data\Conduit" "c:\program files\Bonjour" . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ----- BITS: Il y a peut-être des sites infectés ----- hxxp://armmf.adobe.com . ((((((((((((((((((((((((((((( Fichiers créés du 2009-12-24 au 2010-01-24 )))))))))))))))))))))))))))))))))))) . 2010-01-23 14:04 . 2010-01-23 14:04 -------- d-----w- C:\tdsskiller 2010-01-23 11:58 . 2010-01-23 12:04 -------- d-----w- C:\Gmer 2010-01-22 17:19 . 2010-01-22 17:19 -------- d-----w- c:\program files\Fichiers communs\DivX Shared 2010-01-22 17:19 . 2010-01-22 17:19 -------- d-----w- c:\program files\DivX 2010-01-21 17:52 . 2010-01-21 17:52 -------- d-----w- c:\documents and settings\Jean Michel\Local Settings\Application Data\ESET 2010-01-20 18:59 . 2010-01-20 18:59 61440 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-26b58d07-n\decora-sse.dll 2010-01-20 18:59 . 2010-01-20 18:59 503808 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-26b58d07-n\msvcp71.dll 2010-01-20 18:59 . 2010-01-20 18:59 499712 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-26b58d07-n\jmc.dll 2010-01-20 18:59 . 2010-01-20 18:59 348160 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-26b58d07-n\msvcr71.dll 2010-01-20 18:59 . 2010-01-20 18:59 12800 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-26b58d07-n\decora-d3d.dll 2010-01-20 18:58 . 2010-01-20 18:58 -------- d-----w- c:\program files\Fichiers communs\Java 2010-01-20 18:58 . 2010-01-20 18:58 315392 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-5edfc046-n\jogl.dll 2010-01-20 18:58 . 2010-01-20 18:58 20480 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-5edfc046-n\jogl_awt.dll 2010-01-20 18:58 . 2010-01-20 18:58 114688 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-5edfc046-n\jogl_cg.dll 2010-01-20 18:58 . 2010-01-20 18:58 20480 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\Deployment\SystemCache\6.0\45\4f710eed-58e2e8a8-n\gluegen-rt.dll 2010-01-20 17:25 . 2010-01-20 17:38 -------- d-----w- C:\Ad-Remover 2010-01-20 16:09 . 2010-01-21 08:14 -------- d-----w- C:\ToolBar SD 2010-01-20 14:25 . 2010-01-20 15:27 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2010-01-20 14:25 . 2009-03-30 09:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys 2010-01-20 14:25 . 2009-02-13 11:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2010-01-20 14:25 . 2009-02-13 11:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2010-01-20 14:25 . 2010-01-20 14:25 -------- d-----w- c:\program files\Avira 2010-01-20 14:25 . 2010-01-20 14:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2010-01-20 12:01 . 2010-01-20 12:01 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Malwarebytes 2010-01-20 11:51 . 2010-01-20 11:51 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\Malwarebytes 2010-01-20 11:51 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-01-20 11:51 . 2010-01-20 11:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-01-20 11:51 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-01-20 11:51 . 2010-01-20 11:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-01-20 10:20 . 2010-01-20 10:20 -------- d-----w- c:\program files\CCleaner 2010-01-19 21:31 . 2010-01-19 21:31 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET 2010-01-19 09:20 . 2010-01-19 09:20 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\ESET 2010-01-19 09:18 . 2010-01-19 09:18 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET 2010-01-19 08:54 . 2010-01-19 13:42 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\QuickScan 2010-01-19 07:12 . 2010-01-19 09:18 -------- d-----w- c:\program files\ESET 2010-01-17 21:34 . 2010-01-18 11:08 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\The Path 2010-01-16 18:29 . 2010-01-16 19:10 -------- d-----w- c:\program files\Postal2STP 2010-01-16 15:55 . 2010-01-16 15:55 -------- d-----w- c:\windows\system32\wbem\Repository 2010-01-16 15:48 . 2010-01-20 15:10 -------- d-----w- c:\program files\RegCleaner 2010-01-16 15:29 . 2010-01-16 15:29 -------- d-----w- C:\ProgramData 2010-01-16 15:29 . 2010-01-16 15:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts 2010-01-16 15:13 . 2010-01-16 15:13 -------- d-----w- c:\program files\Intel Corporation 2010-01-14 23:20 . 2010-01-14 23:20 -------- d-----w- c:\program files\Micro Application 2010-01-13 23:01 . 2010-01-13 23:01 0 ----a-w- c:\windows\PowerReg.dat 2010-01-13 20:35 . 2010-01-13 20:35 -------- d-----w- c:\program files\Hobbyist Software 2010-01-13 10:55 . 2008-02-15 11:49 184320 ----a-w- c:\windows\system32\igfxres.dll 2010-01-12 20:45 . 2010-01-19 15:28 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\uTorrent 2010-01-12 19:57 . 2010-01-12 19:57 98304 ----a-w- c:\windows\system32\CmdLineExt.dll 2010-01-12 12:06 . 2010-01-12 12:06 -------- d-----w- c:\program files\WinSCP 2010-01-12 07:57 . 2010-01-12 08:01 3149032 ----a-w- c:\documents and settings\Jean Michel\Application Data\IDM\idmupdt.exe 2010-01-12 07:35 . 2010-01-14 12:50 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2010-01-12 07:35 . 2010-01-14 12:51 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedBit 2010-01-12 07:35 . 2010-01-14 12:51 -------- d-----w- c:\program files\DAP 2010-01-11 20:54 . 2010-01-11 21:14 -------- d-----w- c:\program files\Ludi 2010-01-11 18:06 . 2010-01-11 18:06 -------- d-----w- c:\program files\Lavalys 2010-01-11 16:47 . 2010-01-11 16:47 247296 ----a-w- c:\documents and settings\Jean Michel\Application Data\SystemRequirementsLab\SRLProxy_srl_4_0_11_0_d_ind.dll 2010-01-11 16:47 . 2010-01-11 16:47 247296 ----a-w- c:\documents and settings\Jean Michel\Application Data\SystemRequirementsLab\SRLProxy_srl_4_0_11_0_c_ind.dll 2010-01-11 16:47 . 2010-01-11 16:47 247296 ----a-w- c:\documents and settings\Jean Michel\Application Data\SystemRequirementsLab\SRLProxy_srl_4_0_11_0_b_ind.dll 2010-01-11 16:47 . 2010-01-11 16:47 247296 ----a-w- c:\documents and settings\Jean Michel\Application Data\SystemRequirementsLab\SRLProxy_srl_4_0_11_0_a_ind.dll 2010-01-11 13:15 . 2000-07-14 22:00 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL 2010-01-10 14:09 . 2008-04-14 03:05 14720 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys 2010-01-10 14:09 . 2008-04-14 03:05 14720 ----a-w- c:\windows\system32\drivers\kbdhid.sys 2010-01-10 12:20 . 2010-01-10 12:20 -------- d-----w- c:\program files\Hp 2010-01-10 12:20 . 2010-01-11 12:47 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\HpUpdate 2010-01-10 12:20 . 2010-01-10 12:20 -------- d-----w- c:\windows\Hewlett-Packard 2010-01-10 11:37 . 2010-01-10 11:37 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters 2010-01-10 11:17 . 2010-01-10 11:17 -------- d-----w- c:\windows\system32\Adobe 2010-01-10 09:39 . 2009-12-14 11:33 53248 ----a-w- c:\windows\system32\CSVer.dll 2010-01-10 01:20 . 2010-01-10 01:20 -------- d-----w- c:\program files\Driver-Soft 2010-01-09 23:57 . 2010-01-09 23:57 -------- d-----w- c:\program files\DAEMON Tools Lite 2010-01-09 23:57 . 2010-01-11 16:47 -------- d-----w- c:\program files\SystemRequirementsLab 2010-01-09 23:57 . 2010-01-11 16:47 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\SystemRequirementsLab 2010-01-09 23:56 . 2010-01-09 23:56 -------- d-----w- c:\windows\Sun 2010-01-09 23:16 . 2010-01-09 23:16 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\igraal 2010-01-09 22:26 . 2010-01-10 14:15 -------- d-----w- c:\program files\Intel 2010-01-09 22:22 . 2010-01-09 22:22 -------- d-----w- C:\Intel 2010-01-09 21:03 . 2010-01-09 21:03 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\QUAD Utilities 2010-01-09 20:13 . 2010-01-09 23:59 -------- d-----w- C:\dxupdate 2010-01-09 12:19 . 2010-01-09 23:25 -------- d-----w- c:\windows\Logs 2010-01-09 11:50 . 2010-01-09 11:50 -------- d-----w- c:\program files\Microids 2010-01-08 20:55 . 2010-01-08 20:55 -------- d-----w- c:\documents and settings\Jean Michel\Local Settings\Application Data\Conduit 2010-01-08 20:55 . 2010-01-08 20:55 -------- d-----w- c:\program files\Alcohol Soft 2010-01-08 17:42 . 2010-01-17 16:27 -------- d-----w- c:\program files\Ubisoft 2010-01-08 17:41 . 2010-01-12 19:00 -------- d-----w- c:\program files\Fichiers communs\InstallShield 2010-01-08 16:14 . 2010-01-08 16:14 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\Uniblue 2010-01-08 16:11 . 2010-01-08 16:11 691696 ----a-w- c:\windows\system32\drivers\sptd.sys 2010-01-08 16:10 . 2010-01-09 23:57 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\DAEMON Tools Lite 2010-01-08 16:10 . 2010-01-08 16:10 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite 2010-01-08 11:14 . 2010-01-08 11:14 138240 ----a-w- c:\documents and settings\Jean Michel\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_d.dll 2010-01-08 11:14 . 2010-01-08 11:14 138240 ----a-w- c:\documents and settings\Jean Michel\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_c.dll 2010-01-08 11:14 . 2010-01-08 11:14 138240 ----a-w- c:\documents and settings\Jean Michel\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_b.dll 2010-01-08 11:14 . 2010-01-08 11:14 138240 ----a-w- c:\documents and settings\Jean Michel\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_a.dll 2010-01-06 11:19 . 2010-01-06 11:19 198064 ----a-w- c:\documents and settings\Jean Michel\Application Data\IDM\idmmzcc3\components\idmmzcc.dll 2010-01-06 11:18 . 2010-01-12 08:03 -------- d-----w- c:\program files\Internet Download Manager . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2010-01-24 18:47 . 2004-08-10 12:00 585390 ----a-w- c:\windows\system32\perfh00C.dat 2010-01-24 18:47 . 2004-08-10 12:00 124776 ----a-w- c:\windows\system32\perfc00C.dat 2010-01-24 16:39 . 2009-12-10 08:56 -------- d-----w- c:\program files\Bonjour 2010-01-24 00:20 . 2009-08-08 17:09 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\vlc 2010-01-23 18:53 . 2009-08-20 07:40 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\DMCache 2010-01-22 08:57 . 2009-12-21 08:09 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\IDM 2010-01-21 06:16 . 2009-12-10 10:56 -------- d-----w- c:\program files\Microsoft Silverlight 2010-01-20 18:58 . 2009-12-18 05:40 -------- d-----w- c:\program files\Java 2010-01-17 16:38 . 2009-12-20 08:26 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-01-16 20:05 . 2009-08-20 08:07 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\dvdcss 2010-01-14 00:00 . 2009-09-03 17:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2010-01-10 20:16 . 2009-12-20 09:09 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll 2010-01-10 12:23 . 2009-08-10 13:32 664 ----a-w- c:\windows\system32\d3d9caps.dat 2010-01-09 23:58 . 2009-08-09 06:57 -------- d-----w- c:\program files\ma-config.com 2010-01-09 23:58 . 2009-08-09 06:57 -------- d-----w- c:\documents and settings\All Users\Application Data\ma-config.com 2010-01-09 23:56 . 2009-09-03 17:59 -------- d-----w- c:\program files\Microsoft Works 2010-01-09 23:56 . 2009-08-08 17:11 -------- d-----w- c:\program files\AIDA32 - Personal System Information 2010-01-06 09:27 . 2009-08-08 17:00 70016 ----a-w- c:\documents and settings\Jean Michel\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-12-22 05:09 . 2006-03-04 03:35 671232 ------w- c:\windows\system32\wininet.dll 2009-12-22 05:08 . 2004-08-10 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll 2009-12-18 07:45 . 2009-12-18 07:45 161 ----a-w- C:\ipodpos.dll 2009-12-18 05:40 . 2009-12-18 05:40 152576 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\jre1.6.0_17\lzma.dll 2009-12-18 05:38 . 2009-12-18 05:38 79488 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll 2009-12-17 16:14 . 2009-12-18 05:41 411368 ----a-w- c:\windows\system32\deploytk.dll 2009-12-17 15:13 . 2009-12-17 15:13 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\GHISLER 2009-12-17 12:42 . 2009-12-17 12:42 25214 ----a-r- c:\documents and settings\Jean Michel\Application Data\Microsoft\Installer\{495B6040-801F-474C-ADB8-309F132CF5F9}\_29D232B856F0A1CBA486B8.exe 2009-12-17 12:42 . 2009-12-17 12:42 10398 ----a-r- c:\documents and settings\Jean Michel\Application Data\Microsoft\Installer\{495B6040-801F-474C-ADB8-309F132CF5F9}\_3324690356DD71877A1B6A.exe 2009-12-17 12:42 . 2009-12-17 12:42 -------- d-----w- c:\program files\iPhoneBrowser 2009-12-17 12:40 . 2009-12-17 12:40 -------- d-----w- c:\program files\iPhone Tunnel Suite 2.7 BETA 2009-12-17 12:18 . 2009-12-16 05:12 -------- d-----w- c:\program files\Pod to PC 2009-12-16 05:31 . 2009-12-16 05:31 -------- d-----w- c:\program files\iPhone Explorer 2009-12-14 06:49 . 2009-12-14 06:49 -------- d-----w- c:\program files\Windows Media Connect 2 2009-12-14 05:26 . 2009-08-09 07:18 -------- d-----w- c:\program files\Messenger Plus! Live 2009-12-11 19:32 . 2009-12-10 08:57 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\Apple Computer 2009-12-10 13:32 . 2009-08-20 14:09 -------- d-----w- c:\program files\Webtarot 2009-12-10 12:36 . 2004-08-10 12:00 219648 ----a-w- c:\windows\system32\uxtheme.dll 2009-12-10 11:49 . 2009-12-10 11:49 -------- d-----w- c:\program files\Fichiers communs\Adobe 2009-12-10 10:56 . 2009-12-10 10:54 -------- d-----w- c:\program files\Microsoft 2009-12-10 10:56 . 2009-08-09 07:14 -------- d-----w- c:\program files\Windows Live 2009-12-10 10:55 . 2009-12-10 10:55 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition 2009-12-10 09:01 . 2009-12-10 09:01 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_netaapl_01005.Wdf 2009-12-10 09:01 . 2009-12-10 09:01 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf 2009-12-10 08:59 . 2009-12-10 08:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple 2009-12-10 08:57 . 2009-12-10 08:56 -------- d-----w- c:\program files\iTunes 2009-12-10 08:57 . 2009-12-10 08:56 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} 2009-12-10 08:56 . 2009-12-10 08:56 -------- d-----w- c:\program files\iPod 2009-12-10 08:56 . 2009-12-10 08:54 -------- d-----w- c:\program files\Fichiers communs\Apple 2009-12-10 08:56 . 2009-12-10 08:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer 2009-12-10 08:56 . 2009-12-10 08:55 -------- d-----w- c:\program files\QuickTime 2009-12-10 08:55 . 2009-12-10 08:55 -------- d-----w- c:\program files\Apple Software Update 2009-12-09 16:11 . 2009-11-01 08:41 -------- d-----w- c:\program files\OrangeHSS 2009-11-21 15:58 . 2004-08-10 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll . ((((((((((((((((((((((((((((( SnapShot@2010-01-23_12.34.49 ))))))))))))))))))))))))))))))))))))))))) . + 2010-01-24 18:49 . 2010-01-24 18:49 16384 c:\windows\temp\Perflib_Perfdata_468.dat + 2004-08-10 12:00 . 2010-01-24 18:47 492176 c:\windows\system32\perfh009.dat + 2004-08-10 12:00 . 2010-01-24 18:47 102106 c:\windows\system32\perfc009.dat + 2006-03-04 03:35 . 2009-12-22 05:09 671232 c:\windows\system32\dllcache\wininet.dll - 2006-03-04 03:35 . 2009-10-29 05:25 671232 c:\windows\system32\dllcache\wininet.dll + 2006-03-23 17:35 . 2009-12-22 05:09 3092480 c:\windows\system32\mshtml.dll + 2006-03-23 17:35 . 2009-12-22 05:09 3092480 c:\windows\system32\dllcache\mshtml.dll + 2004-08-10 12:00 . 2008-04-14 02:34 1037824 c:\windows\system32\dllcache\explorer.exe + 2004-08-10 12:00 . 2008-04-14 02:34 1037824 c:\windows\explorer.exe . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "lxdrmon.exe"="c:\program files\Lexmark 4900 Series\lxdrmon.exe" [2008-05-21 676520] "EzPrint"="c:\program files\Lexmark 4900 Series\ezprint.exe" [2008-05-21 131752] "ORAHSSSessionManager"="c:\program files\OrangeHSS\SessionManager\SessionManager.exe" [2007-12-12 107248] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696] "Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288] "SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-01-11 246504] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount] 2009-04-24 03:16 203928 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt] 2009-03-02 12:08 209153 ----a-w- c:\program files\Avira\AntiVir Desktop\avgnt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] 2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui] 2008-10-24 20:50 1451264 ----a-w- c:\program files\ESET\ESET Smart Security\egui.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2008-04-14 02:34 1695232 ------w- c:\program files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2007-03-09 16:53 153136 ----a-w- c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "ekrn"=2 (0x2) "EhttpSrv"=3 (0x3) "AntiVirService"=2 (0x2) "AntiVirSchedulerService"=2 (0x2) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\WINDOWS\\system32\\lxdrcoms.exe"= "c:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\iPhone Tunnel Suite 2.7 BETA\\iTunnel\\iTunnel.exe"= "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"= R2 lxdr_device;lxdr_device;c:\windows\system32\lxdrcoms.exe -service --> c:\windows\system32\lxdrcoms.exe -service [?] S3 gtermddo;gtermddo;\??\c:\docume~1\JEANMI~1\LOCALS~1\Temp\gtermddo.sys --> c:\docume~1\JEANMI~1\LOCALS~1\Temp\gtermddo.sys [?] S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [17/12/2009 19:00 243056] S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [10/12/2009 09:54 17408] S4 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [20/01/2010 15:25 108289] S4 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [21/12/2007 09:21 468224] S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [08/01/2010 17:11 691696] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://google.fr/ mWindow Title = uInternet Settings,ProxyOverride = *.local IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: Télécharger avec IDM - c:\program files\Internet Download Manager\IEExt.htm IE: Télécharger le contenu de video FLV avec IDM - c:\program files\Internet Download Manager\IEGetVL.htm IE: Télécharger tous les liens avec IDM - c:\program files\Internet Download Manager\IEGetAll.htm Trusted Zone: mappy.com Trusted Zone: orange.fr Trusted Zone: voila.fr\rw.search.ke Trusted Zone: weborama.fr\orange FF - ProfilePath - c:\documents and settings\Jean Michel\Application Data\Mozilla\Firefox\Profiles\pamoq8in.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q= FF - prefs.js: browser.search.selectedEngine - Fast Browser Search FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=19&tid={A089A227-7EF1-C52E-39D8-DDA53E68E3DF}&q= FF - component: c:\documents and settings\Jean Michel\Application Data\IDM\idmmzcc3\components\idmmzcc.dll FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPOP7PlugIn.dll ---- PARAMETRES FIREFOX ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-01-24 19:50 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x865E7150]<< kernel: MBR read successfully detected MBR rootkit hooks: \Driver\Disk -> CLASSPNP.SYS @ 0xf7602f28 \Driver\ACPI -> ACPI.sys @ 0xf7474cb8 \Driver\atapi -> atapi.sys @ 0xf73f4852 \Driver\iaStor -> 0x865e7150 IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022 ParseProcedure -> ntkrnlpa.exe @ 0x80577c84 \Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022 ParseProcedure -> ntkrnlpa.exe @ 0x80577c84 NDIS: Réseau local Broadcom 802.11b/g -> SendCompleteHandler -> NDIS.sys @ 0xf720ebb0 PacketIndicateHandler -> NDIS.sys @ 0xf721ba21 SendHandler -> NDIS.sys @ 0xf71f987b Warning: possible MBR rootkit infection ! user & kernel MBR OK ************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}] @Denied: (Full) (Everyone) "scansk"=hex(0):84,40,8c,45,6e,07,ad,4e,5e,50,66,e5,4e,a1,14,b5,15,c9,3d,34,9a, a3,b3,f4,1d,6c,fc,e7,3e,f5,c4,3a,fa,0d,63,14,87,17,41,38,00,00,00,00,00,00,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8b9f29eb-a9bc-4695-97ad-7603c028e8b0}] @Denied: (Full) (Everyone) "Model"=dword:00000130 "Therad"=dword:00000020 "MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26, 38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\ . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(1268) c:\windows\system32\SETUPAPI.dll c:\windows\system32\sfc_os.dll c:\windows\system32\cscui.dll c:\windows\system32\COMRes.dll - - - - - - - > 'lsass.exe'(1444) c:\windows\system32\scecli.dll c:\windows\system32\SETUPAPI.dll c:\windows\system32\psbase.dll - - - - - - - > 'explorer.exe'(3132) c:\windows\system32\COMRes.dll c:\windows\System32\cscui.dll c:\windows\system32\msi.dll c:\windows\system32\SETUPAPI.dll c:\windows\system32\NETSHELL.dll c:\windows\system32\credui.dll c:\windows\system32\eappprxy.dll c:\windows\system32\WPDShServiceObj.dll c:\program files\WinSCP\DragExt.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Autres processus actifs ------------------------ . c:\windows\system32\igfxsrvc.exe c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\windows\eHome\ehRecvr.exe c:\windows\eHome\ehSched.exe c:\progra~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\lxdrcoms.exe c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe c:\windows\ehome\mcrdsvc.exe c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe c:\program files\Fichiers communs\Ahead\Lib\NMIndexingService.exe c:\program files\iPod\bin\iPodService.exe c:\program files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe c:\windows\system32\dllhost.exe c:\windows\system32\wscntfy.exe c:\windows\system32\wbem\wmiapsrv.exe . ************************************************************************** . Heure de fin: 2010-01-24 19:53:30 - La machine a redémarré ComboFix-quarantined-files.txt 2010-01-24 18:53 ComboFix2.txt 2010-01-24 16:44 ComboFix3.txt 2010-01-23 15:06 ComboFix4.txt 2010-01-23 14:29 ComboFix5.txt 2010-01-24 18:37 Avant-CF: 24 709 160 960 octets libres Après-CF: 24 675 151 872 octets libres - - End Of File - - CC0E7730E9FB4C4AC118081EDEF0CB08

combofix détecte encore et toujours un rootkit voici le rapport: ComboFix 10-01-20.06 - Jean Michel 24/01/2010 17:34:20.8.1 - x86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1014.687 [GMT 1:00] Lancé depuis: c:\documents and settings\Jean Michel\Bureau\ComboFix.exe Commutateurs utilisés :: c:\documents and settings\Jean Michel\Bureau\CFScript.txt AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0} FILE :: "c:\docume~1\JEANMI~1\LOCALS~1\Temp\gtermddo.sys" "c:\docume~1\JEANMI~1\LOCALS~1\Temp\NotifierSetup.exe" "c:\program files\Bonjour\mDNSResponder.exe" . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat c:\program files\Bonjour\mDNSResponder.exe ----- BITS: Il y a peut-être des sites infectés ----- hxxp://armmf.adobe.com . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_BONJOUR_SERVICE -------\Service_Bonjour Service ((((((((((((((((((((((((((((( Fichiers créés du 2009-12-24 au 2010-01-24 )))))))))))))))))))))))))))))))))))) . 2010-01-23 14:04 . 2010-01-23 14:04 -------- d-----w- C:\tdsskiller 2010-01-23 11:58 . 2010-01-23 12:04 -------- d-----w- C:\Gmer 2010-01-22 17:19 . 2010-01-22 17:19 -------- d-----w- c:\program files\Fichiers communs\DivX Shared 2010-01-22 17:19 . 2010-01-22 17:19 -------- d-----w- c:\program files\DivX 2010-01-21 17:52 . 2010-01-21 17:52 -------- d-----w- c:\documents and settings\Jean Michel\Local Settings\Application Data\ESET 2010-01-20 18:59 . 2010-01-20 18:59 61440 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-26b58d07-n\decora-sse.dll 2010-01-20 18:59 . 2010-01-20 18:59 503808 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-26b58d07-n\msvcp71.dll 2010-01-20 18:59 . 2010-01-20 18:59 499712 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-26b58d07-n\jmc.dll 2010-01-20 18:59 . 2010-01-20 18:59 348160 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-26b58d07-n\msvcr71.dll 2010-01-20 18:59 . 2010-01-20 18:59 12800 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-26b58d07-n\decora-d3d.dll 2010-01-20 18:58 . 2010-01-20 18:58 -------- d-----w- c:\program files\Fichiers communs\Java 2010-01-20 18:58 . 2010-01-20 18:58 315392 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-5edfc046-n\jogl.dll 2010-01-20 18:58 . 2010-01-20 18:58 20480 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-5edfc046-n\jogl_awt.dll 2010-01-20 18:58 . 2010-01-20 18:58 114688 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-5edfc046-n\jogl_cg.dll 2010-01-20 18:58 . 2010-01-20 18:58 20480 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\Deployment\SystemCache\6.0\45\4f710eed-58e2e8a8-n\gluegen-rt.dll 2010-01-20 17:25 . 2010-01-20 17:38 -------- d-----w- C:\Ad-Remover 2010-01-20 16:09 . 2010-01-21 08:14 -------- d-----w- C:\ToolBar SD 2010-01-20 14:25 . 2010-01-20 15:27 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2010-01-20 14:25 . 2009-03-30 09:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys 2010-01-20 14:25 . 2009-02-13 11:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2010-01-20 14:25 . 2009-02-13 11:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2010-01-20 14:25 . 2010-01-20 14:25 -------- d-----w- c:\program files\Avira 2010-01-20 14:25 . 2010-01-20 14:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2010-01-20 12:01 . 2010-01-20 12:01 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Malwarebytes 2010-01-20 11:51 . 2010-01-20 11:51 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\Malwarebytes 2010-01-20 11:51 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-01-20 11:51 . 2010-01-20 11:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-01-20 11:51 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-01-20 11:51 . 2010-01-20 11:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-01-20 10:20 . 2010-01-20 10:20 -------- d-----w- c:\program files\CCleaner 2010-01-19 21:31 . 2010-01-19 21:31 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET 2010-01-19 09:20 . 2010-01-19 09:20 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\ESET 2010-01-19 09:18 . 2010-01-19 09:18 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET 2010-01-19 08:54 . 2010-01-19 13:42 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\QuickScan 2010-01-19 07:12 . 2010-01-19 09:18 -------- d-----w- c:\program files\ESET 2010-01-17 21:34 . 2010-01-18 11:08 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\The Path 2010-01-16 18:29 . 2010-01-16 19:10 -------- d-----w- c:\program files\Postal2STP 2010-01-16 15:55 . 2010-01-16 15:55 -------- d-----w- c:\windows\system32\wbem\Repository 2010-01-16 15:48 . 2010-01-20 15:10 -------- d-----w- c:\program files\RegCleaner 2010-01-16 15:29 . 2010-01-16 15:29 -------- d-----w- C:\ProgramData 2010-01-16 15:29 . 2010-01-16 15:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts 2010-01-16 15:13 . 2010-01-16 15:13 -------- d-----w- c:\program files\Intel Corporation 2010-01-14 23:20 . 2010-01-14 23:20 -------- d-----w- c:\program files\Micro Application 2010-01-13 23:01 . 2010-01-13 23:01 0 ----a-w- c:\windows\PowerReg.dat 2010-01-13 20:35 . 2010-01-13 20:35 -------- d-----w- c:\program files\Hobbyist Software 2010-01-13 10:55 . 2008-02-15 11:49 184320 ----a-w- c:\windows\system32\igfxres.dll 2010-01-12 20:45 . 2010-01-19 15:28 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\uTorrent 2010-01-12 19:57 . 2010-01-12 19:57 98304 ----a-w- c:\windows\system32\CmdLineExt.dll 2010-01-12 12:06 . 2010-01-12 12:06 -------- d-----w- c:\program files\WinSCP 2010-01-12 07:57 . 2010-01-12 08:01 3149032 ----a-w- c:\documents and settings\Jean Michel\Application Data\IDM\idmupdt.exe 2010-01-12 07:35 . 2010-01-14 12:50 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2010-01-12 07:35 . 2010-01-14 12:51 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedBit 2010-01-12 07:35 . 2010-01-14 12:51 -------- d-----w- c:\program files\DAP 2010-01-11 20:54 . 2010-01-11 21:14 -------- d-----w- c:\program files\Ludi 2010-01-11 18:06 . 2010-01-11 18:06 -------- d-----w- c:\program files\Lavalys 2010-01-11 16:47 . 2010-01-11 16:47 247296 ----a-w- c:\documents and settings\Jean Michel\Application Data\SystemRequirementsLab\SRLProxy_srl_4_0_11_0_d_ind.dll 2010-01-11 16:47 . 2010-01-11 16:47 247296 ----a-w- c:\documents and settings\Jean Michel\Application Data\SystemRequirementsLab\SRLProxy_srl_4_0_11_0_c_ind.dll 2010-01-11 16:47 . 2010-01-11 16:47 247296 ----a-w- c:\documents and settings\Jean Michel\Application Data\SystemRequirementsLab\SRLProxy_srl_4_0_11_0_b_ind.dll 2010-01-11 16:47 . 2010-01-11 16:47 247296 ----a-w- c:\documents and settings\Jean Michel\Application Data\SystemRequirementsLab\SRLProxy_srl_4_0_11_0_a_ind.dll 2010-01-11 13:15 . 2000-07-14 22:00 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL 2010-01-10 14:09 . 2008-04-14 03:05 14720 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys 2010-01-10 14:09 . 2008-04-14 03:05 14720 ----a-w- c:\windows\system32\drivers\kbdhid.sys 2010-01-10 12:20 . 2010-01-10 12:20 -------- d-----w- c:\program files\Hp 2010-01-10 12:20 . 2010-01-11 12:47 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\HpUpdate 2010-01-10 12:20 . 2010-01-10 12:20 -------- d-----w- c:\windows\Hewlett-Packard 2010-01-10 11:37 . 2010-01-10 11:37 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters 2010-01-10 11:17 . 2010-01-10 11:17 -------- d-----w- c:\windows\system32\Adobe 2010-01-10 09:39 . 2009-12-14 11:33 53248 ----a-w- c:\windows\system32\CSVer.dll 2010-01-10 01:20 . 2010-01-10 01:20 -------- d-----w- c:\program files\Driver-Soft 2010-01-09 23:58 . 2010-01-18 18:38 -------- d--h--w- c:\windows\msdownld.tmp 2010-01-09 23:57 . 2010-01-09 23:57 -------- d-----w- c:\program files\DAEMON Tools Lite 2010-01-09 23:57 . 2010-01-11 16:47 -------- d-----w- c:\program files\SystemRequirementsLab 2010-01-09 23:57 . 2010-01-11 16:47 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\SystemRequirementsLab 2010-01-09 23:56 . 2010-01-09 23:56 -------- d-----w- c:\windows\Sun 2010-01-09 23:16 . 2010-01-09 23:16 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\igraal 2010-01-09 22:26 . 2010-01-10 14:15 -------- d-----w- c:\program files\Intel 2010-01-09 22:22 . 2010-01-09 22:22 -------- d-----w- C:\Intel 2010-01-09 21:03 . 2010-01-09 21:03 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\QUAD Utilities 2010-01-09 20:13 . 2010-01-09 23:59 -------- d-----w- C:\dxupdate 2010-01-09 12:19 . 2010-01-09 23:25 -------- d-----w- c:\windows\Logs 2010-01-09 11:50 . 2010-01-09 11:50 -------- d-----w- c:\program files\Microids 2010-01-08 20:55 . 2010-01-08 20:55 -------- d-----w- c:\documents and settings\Jean Michel\Local Settings\Application Data\Conduit 2010-01-08 20:55 . 2010-01-08 20:55 -------- d-----w- c:\program files\Alcohol Soft 2010-01-08 17:42 . 2010-01-17 16:27 -------- d-----w- c:\program files\Ubisoft 2010-01-08 17:41 . 2010-01-12 19:00 -------- d-----w- c:\program files\Fichiers communs\InstallShield 2010-01-08 16:14 . 2010-01-08 16:14 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\Uniblue 2010-01-08 16:11 . 2010-01-08 16:11 691696 ----a-w- c:\windows\system32\drivers\sptd.sys 2010-01-08 16:10 . 2010-01-09 23:57 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\DAEMON Tools Lite 2010-01-08 16:10 . 2010-01-08 16:10 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite 2010-01-08 11:14 . 2010-01-08 11:14 138240 ----a-w- c:\documents and settings\Jean Michel\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_d.dll 2010-01-08 11:14 . 2010-01-08 11:14 138240 ----a-w- c:\documents and settings\Jean Michel\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_c.dll 2010-01-08 11:14 . 2010-01-08 11:14 138240 ----a-w- c:\documents and settings\Jean Michel\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_b.dll 2010-01-08 11:14 . 2010-01-08 11:14 138240 ----a-w- c:\documents and settings\Jean Michel\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_a.dll 2010-01-06 11:19 . 2010-01-06 11:19 198064 ----a-w- c:\documents and settings\Jean Michel\Application Data\IDM\idmmzcc3\components\idmmzcc.dll 2010-01-06 11:18 . 2010-01-12 08:03 -------- d-----w- c:\program files\Internet Download Manager . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2010-01-24 16:39 . 2009-12-10 08:56 -------- d-----w- c:\program files\Bonjour 2010-01-24 16:38 . 2004-08-10 12:00 584356 ----a-w- c:\windows\system32\perfh00C.dat 2010-01-24 16:38 . 2004-08-10 12:00 124190 ----a-w- c:\windows\system32\perfc00C.dat 2010-01-24 00:20 . 2009-08-08 17:09 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\vlc 2010-01-23 18:53 . 2009-08-20 07:40 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\DMCache 2010-01-22 08:57 . 2009-12-21 08:09 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\IDM 2010-01-21 06:16 . 2009-12-10 10:56 -------- d-----w- c:\program files\Microsoft Silverlight 2010-01-20 18:58 . 2009-12-18 05:40 -------- d-----w- c:\program files\Java 2010-01-17 16:38 . 2009-12-20 08:26 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-01-16 20:05 . 2009-08-20 08:07 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\dvdcss 2010-01-14 00:00 . 2009-09-03 17:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2010-01-10 20:16 . 2009-12-20 09:09 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll 2010-01-10 12:23 . 2009-08-10 13:32 664 ----a-w- c:\windows\system32\d3d9caps.dat 2010-01-09 23:58 . 2009-08-09 06:57 -------- d-----w- c:\program files\ma-config.com 2010-01-09 23:58 . 2009-08-09 06:57 -------- d-----w- c:\documents and settings\All Users\Application Data\ma-config.com 2010-01-09 23:56 . 2009-09-03 17:59 -------- d-----w- c:\program files\Microsoft Works 2010-01-09 23:56 . 2009-08-08 17:11 -------- d-----w- c:\program files\AIDA32 - Personal System Information 2010-01-06 09:27 . 2009-08-08 17:00 70016 ----a-w- c:\documents and settings\Jean Michel\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-12-22 05:09 . 2006-03-04 03:35 671232 ----a-w- c:\windows\system32\wininet.dll 2009-12-22 05:08 . 2004-08-10 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll 2009-12-18 07:45 . 2009-12-18 07:45 161 ----a-w- C:\ipodpos.dll 2009-12-18 05:40 . 2009-12-18 05:40 152576 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\jre1.6.0_17\lzma.dll 2009-12-18 05:38 . 2009-12-18 05:38 79488 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll 2009-12-17 16:14 . 2009-12-18 05:41 411368 ----a-w- c:\windows\system32\deploytk.dll 2009-12-17 15:13 . 2009-12-17 15:13 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\GHISLER 2009-12-17 12:42 . 2009-12-17 12:42 25214 ----a-r- c:\documents and settings\Jean Michel\Application Data\Microsoft\Installer\{495B6040-801F-474C-ADB8-309F132CF5F9}\_29D232B856F0A1CBA486B8.exe 2009-12-17 12:42 . 2009-12-17 12:42 10398 ----a-r- c:\documents and settings\Jean Michel\Application Data\Microsoft\Installer\{495B6040-801F-474C-ADB8-309F132CF5F9}\_3324690356DD71877A1B6A.exe 2009-12-17 12:42 . 2009-12-17 12:42 -------- d-----w- c:\program files\iPhoneBrowser 2009-12-17 12:40 . 2009-12-17 12:40 -------- d-----w- c:\program files\iPhone Tunnel Suite 2.7 BETA 2009-12-17 12:18 . 2009-12-16 05:12 -------- d-----w- c:\program files\Pod to PC 2009-12-16 05:31 . 2009-12-16 05:31 -------- d-----w- c:\program files\iPhone Explorer 2009-12-14 06:49 . 2009-12-14 06:49 -------- d-----w- c:\program files\Windows Media Connect 2 2009-12-14 05:26 . 2009-08-09 07:18 -------- d-----w- c:\program files\Messenger Plus! Live 2009-12-11 19:32 . 2009-12-10 08:57 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\Apple Computer 2009-12-10 13:32 . 2009-08-20 14:09 -------- d-----w- c:\program files\Webtarot 2009-12-10 12:36 . 2004-08-10 12:00 219648 ----a-w- c:\windows\system32\uxtheme.dll 2009-12-10 11:49 . 2009-12-10 11:49 -------- d-----w- c:\program files\Fichiers communs\Adobe 2009-12-10 10:56 . 2009-12-10 10:54 -------- d-----w- c:\program files\Microsoft 2009-12-10 10:56 . 2009-08-09 07:14 -------- d-----w- c:\program files\Windows Live 2009-12-10 10:55 . 2009-12-10 10:55 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition 2009-12-10 09:01 . 2009-12-10 09:01 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_netaapl_01005.Wdf 2009-12-10 09:01 . 2009-12-10 09:01 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf 2009-12-10 08:59 . 2009-12-10 08:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple 2009-12-10 08:57 . 2009-12-10 08:56 -------- d-----w- c:\program files\iTunes 2009-12-10 08:57 . 2009-12-10 08:56 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} 2009-12-10 08:56 . 2009-12-10 08:56 -------- d-----w- c:\program files\iPod 2009-12-10 08:56 . 2009-12-10 08:54 -------- d-----w- c:\program files\Fichiers communs\Apple 2009-12-10 08:56 . 2009-12-10 08:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer 2009-12-10 08:56 . 2009-12-10 08:55 -------- d-----w- c:\program files\QuickTime 2009-12-10 08:55 . 2009-12-10 08:55 -------- d-----w- c:\program files\Apple Software Update 2009-12-09 16:11 . 2009-11-01 08:41 -------- d-----w- c:\program files\OrangeHSS 2009-11-21 15:58 . 2004-08-10 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll . ((((((((((((((((((((((((((((( SnapShot@2010-01-23_12.34.49 ))))))))))))))))))))))))))))))))))))))))) . + 2010-01-24 16:40 . 2010-01-24 16:40 16384 c:\windows\temp\Perflib_Perfdata_254.dat + 2004-08-10 12:00 . 2010-01-24 16:38 491534 c:\windows\system32\perfh009.dat + 2004-08-10 12:00 . 2010-01-24 16:38 101656 c:\windows\system32\perfc009.dat + 2006-03-04 03:35 . 2009-12-22 05:09 671232 c:\windows\system32\dllcache\wininet.dll - 2006-03-04 03:35 . 2009-10-29 05:25 671232 c:\windows\system32\dllcache\wininet.dll + 2006-03-23 17:35 . 2009-12-22 05:09 3092480 c:\windows\system32\mshtml.dll + 2006-03-23 17:35 . 2009-12-22 05:09 3092480 c:\windows\system32\dllcache\mshtml.dll + 2004-08-10 12:00 . 2008-04-14 02:34 1037824 c:\windows\system32\dllcache\explorer.exe + 2004-08-10 12:00 . 2008-04-14 02:34 1037824 c:\windows\explorer.exe . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "lxdrmon.exe"="c:\program files\Lexmark 4900 Series\lxdrmon.exe" [2008-05-21 676520] "EzPrint"="c:\program files\Lexmark 4900 Series\ezprint.exe" [2008-05-21 131752] "ORAHSSSessionManager"="c:\program files\OrangeHSS\SessionManager\SessionManager.exe" [2007-12-12 107248] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696] "Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288] "SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-01-11 246504] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount] 2009-04-24 03:16 203928 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt] 2009-03-02 12:08 209153 ----a-w- c:\program files\Avira\AntiVir Desktop\avgnt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] 2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui] 2008-10-24 20:50 1451264 ----a-w- c:\program files\ESET\ESET Smart Security\egui.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2008-04-14 02:34 1695232 ------w- c:\program files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2007-03-09 16:53 153136 ----a-w- c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "ekrn"=2 (0x2) "EhttpSrv"=3 (0x3) "AntiVirService"=2 (0x2) "AntiVirSchedulerService"=2 (0x2) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\WINDOWS\\system32\\lxdrcoms.exe"= "c:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\iPhone Tunnel Suite 2.7 BETA\\iTunnel\\iTunnel.exe"= "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"= R2 lxdr_device;lxdr_device;c:\windows\system32\lxdrcoms.exe -service --> c:\windows\system32\lxdrcoms.exe -service [?] S3 gtermddo;gtermddo;\??\c:\docume~1\JEANMI~1\LOCALS~1\Temp\gtermddo.sys --> c:\docume~1\JEANMI~1\LOCALS~1\Temp\gtermddo.sys [?] S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [17/12/2009 19:00 243056] S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [10/12/2009 09:54 17408] S4 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [20/01/2010 15:25 108289] S4 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [21/12/2007 09:21 468224] S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [08/01/2010 17:11 691696] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://google.fr/ mWindow Title = uInternet Settings,ProxyOverride = *.local IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: Télécharger avec IDM - c:\program files\Internet Download Manager\IEExt.htm IE: Télécharger le contenu de video FLV avec IDM - c:\program files\Internet Download Manager\IEGetVL.htm IE: Télécharger tous les liens avec IDM - c:\program files\Internet Download Manager\IEGetAll.htm Trusted Zone: mappy.com Trusted Zone: orange.fr Trusted Zone: voila.fr\rw.search.ke Trusted Zone: weborama.fr\orange FF - ProfilePath - c:\documents and settings\Jean Michel\Application Data\Mozilla\Firefox\Profiles\pamoq8in.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q= FF - prefs.js: browser.search.selectedEngine - Fast Browser Search FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=19&tid={A089A227-7EF1-C52E-39D8-DDA53E68E3DF}&q= FF - component: c:\documents and settings\Jean Michel\Application Data\IDM\idmmzcc3\components\idmmzcc.dll FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPOP7PlugIn.dll ---- PARAMETRES FIREFOX ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-01-24 17:40 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x865D23E8]<< kernel: MBR read successfully detected MBR rootkit hooks: \Driver\Disk -> CLASSPNP.SYS @ 0xf7602f28 \Driver\ACPI -> ACPI.sys @ 0xf7474cb8 \Driver\atapi -> atapi.sys @ 0xf73f4852 \Driver\iaStor -> 0x865d23e8 IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022 ParseProcedure -> ntkrnlpa.exe @ 0x80577c84 \Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022 ParseProcedure -> ntkrnlpa.exe @ 0x80577c84 NDIS: Carte réseau Fast Ethernet PCI Realtek RTL8139 Family -> SendCompleteHandler -> NDIS.sys @ 0xf720fbd4 PacketIndicateHandler -> NDIS.sys @ 0xf71fda0d SendHandler -> NDIS.sys @ 0xf7211b40 Warning: possible MBR rootkit infection ! user & kernel MBR OK ************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}] @Denied: (Full) (Everyone) "scansk"=hex(0):84,40,8c,45,6e,07,ad,4e,5e,50,66,e5,4e,a1,14,b5,15,c9,3d,34,9a, a3,b3,f4,1d,6c,fc,e7,3e,f5,c4,3a,fa,0d,63,14,87,17,41,38,00,00,00,00,00,00,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8b9f29eb-a9bc-4695-97ad-7603c028e8b0}] @Denied: (Full) (Everyone) "Model"=dword:00000130 "Therad"=dword:00000020 "MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26, 38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\ . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(1292) c:\windows\system32\SETUPAPI.dll c:\windows\system32\sfc_os.dll c:\windows\system32\cscui.dll c:\windows\system32\COMRes.dll - - - - - - - > 'lsass.exe'(1380) c:\windows\system32\scecli.dll c:\windows\system32\SETUPAPI.dll c:\windows\system32\psbase.dll - - - - - - - > 'explorer.exe'(3992) c:\windows\system32\COMRes.dll c:\windows\System32\cscui.dll c:\windows\system32\msi.dll c:\windows\system32\SETUPAPI.dll c:\windows\system32\NETSHELL.dll c:\windows\system32\credui.dll c:\windows\system32\eappprxy.dll c:\windows\system32\WPDShServiceObj.dll c:\program files\WinSCP\DragExt.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Autres processus actifs ------------------------ . c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\windows\eHome\ehRecvr.exe c:\windows\eHome\ehSched.exe c:\progra~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\lxdrcoms.exe c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe c:\windows\ehome\mcrdsvc.exe c:\windows\system32\dllhost.exe c:\windows\system32\wscntfy.exe c:\windows\system32\igfxsrvc.exe c:\program files\Fichiers communs\Ahead\Lib\NMIndexingService.exe c:\program files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe c:\program files\iPod\bin\iPodService.exe c:\windows\system32\wbem\wmiapsrv.exe . ************************************************************************** . Heure de fin: 2010-01-24 17:44:19 - La machine a redémarré ComboFix-quarantined-files.txt 2010-01-24 16:44 ComboFix2.txt 2010-01-23 15:06 ComboFix3.txt 2010-01-23 14:29 ComboFix4.txt 2010-01-23 12:39 ComboFix5.txt 2010-01-24 16:29 Avant-CF: 24 647 262 208 octets libres Après-CF: 24 714 166 272 octets libres - - End Of File - - 91535EA083446905A6DA8ECDFF89822A quand à TFC il a redémarré mais mais rien ne s'est passé

et je viens de voir igraal dans les modules complémentaires, je désinstalle mais rien n'y fait, pourquoi sont-ils toujours là?!!!

ben désolée mais fast browser search est toujours là.

c'est fait, je viens de redémarrer après avoir coché la case. que dois-je faire maintenant? je décoche ou j'attends encore?

bonjour Pear, igraal a disparu mais fast browser search est toujours là. KASPERSKY ONLINE SCANNER 7.0: scan report Sunday, January 24, 2010 Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600) Kaspersky Online Scanner version: 7.0.26.13 Last database update: Sunday, January 24, 2010 08:28:45 Records in database: 3364342 Scan settings scan using the following database extended Scan archives yes Scan e-mail databases yes Scan area My Computer C:\ Scan statistics Objects scanned 66914 Threats found 1 Infected objects found 1 Suspicious objects found 0 Scan duration 04:26:06 File name Threat Threats count C:\System Volume Information\_restore{E42DC670-1A7B-4433-B545-E19C665E941F}\RP121\A0050772.dll Infected: Packed.Win32.Krap.ag 1 Selected area has been scanned.

rapport tdsskiller: 15:04:37:312 3176 TDSS rootkit removing tool 2.2.2 Jan 13 2010 08:42:25 15:04:37:312 3176 ================================================================================ 15:04:37:312 3176 SystemInfo: 15:04:37:312 3176 OS Version: 5.1.2600 ServicePack: 3.0 15:04:37:312 3176 Product type: Workstation 15:04:37:312 3176 ComputerName: HELLOW 15:04:37:312 3176 UserName: Jean Michel 15:04:37:312 3176 Windows directory: C:\WINDOWS 15:04:37:312 3176 Processor architecture: Intel x86 15:04:37:312 3176 Number of processors: 1 15:04:37:312 3176 Page size: 0x1000 15:04:37:312 3176 Boot type: Normal boot 15:04:37:312 3176 ================================================================================ 15:04:37:312 3176 UnloadDriverW: NtUnloadDriver error 2 15:04:37:312 3176 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2 15:04:37:312 3176 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000 15:04:37:328 3176 UtilityInit: KLMD drop and load success 15:04:37:328 3176 KLMD_OpenDevice: Trying to open KLMD Device(KLMD201000) 15:04:37:328 3176 UtilityInit: KLMD open success 15:04:37:328 3176 UtilityInit: Initialize success 15:04:37:328 3176 15:04:37:328 3176 Scanning Services ... 15:04:37:328 3176 CreateRegParser: Registry parser init started 15:04:37:328 3176 DisableWow64Redirection: GetProcAddress(Wow64DisableWow64FsRedirection) error 127 15:04:37:328 3176 CreateRegParser: DisableWow64Redirection error 15:04:37:328 3176 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system 15:04:37:328 3176 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\config\system) returned status C0000043 15:04:37:328 3176 wfopen_ex: MyNtCreateFileW error 32 (C0000043) 15:04:37:328 3176 wfopen_ex: Trying to KLMD file open 15:04:37:328 3176 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\config\system 15:04:37:328 3176 wfopen_ex: File opened ok (Flags 2) 15:04:37:328 3176 CreateRegParser: HIVE_ADAPTER(C:\WINDOWS\system32\config\system) init success: 384B08 15:04:37:328 3176 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software 15:04:37:328 3176 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\config\software) returned status C0000043 15:04:37:328 3176 wfopen_ex: MyNtCreateFileW error 32 (C0000043) 15:04:37:328 3176 wfopen_ex: Trying to KLMD file open 15:04:37:328 3176 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\config\software 15:04:37:328 3176 wfopen_ex: File opened ok (Flags 2) 15:04:37:328 3176 CreateRegParser: HIVE_ADAPTER(C:\WINDOWS\system32\config\software) init success: 384B70 15:04:37:328 3176 EnableWow64Redirection: GetProcAddress(Wow64RevertWow64FsRedirection) error 127 15:04:37:328 3176 CreateRegParser: EnableWow64Redirection error 15:04:37:328 3176 CreateRegParser: RegParser init completed 15:04:37:359 3176 GetAdvancedServicesInfo: Raw services enum returned 355 services 15:04:37:375 3176 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system 15:04:37:375 3176 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software 15:04:37:375 3176 15:04:37:375 3176 Scanning Kernel memory ... 15:04:37:375 3176 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk 15:04:37:375 3176 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 865CE588 15:04:37:375 3176 DetectCureTDL3: KLMD_GetDeviceObjectList returned 2 DevObjects 15:04:37:375 3176 15:04:37:375 3176 DetectCureTDL3: DEVICE_OBJECT: 8652DC68 15:04:37:375 3176 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8652DC68 15:04:37:375 3176 KLMD_ReadMem: Trying to ReadMemory 0x8652DC68[0x38] 15:04:37:375 3176 DetectCureTDL3: DRIVER_OBJECT: 865CE588 15:04:37:375 3176 KLMD_ReadMem: Trying to ReadMemory 0x865CE588[0xA8] 15:04:37:375 3176 KLMD_ReadMem: Trying to ReadMemory 0xE163D578[0x18] 15:04:37:375 3176 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk 15:04:37:375 3176 DetectCureTDL3: IrpHandler (0) addr: F7604BB0 15:04:37:375 3176 DetectCureTDL3: IrpHandler (1) addr: 804F355A 15:04:37:375 3176 DetectCureTDL3: IrpHandler (2) addr: F7604BB0 15:04:37:375 3176 DetectCureTDL3: IrpHandler (3) addr: F75FED1F 15:04:37:375 3176 DetectCureTDL3: IrpHandler (4) addr: F75FED1F 15:04:37:375 3176 DetectCureTDL3: IrpHandler (5) addr: 804F355A 15:04:37:375 3176 DetectCureTDL3: IrpHandler (6) addr: 804F355A 15:04:37:375 3176 DetectCureTDL3: IrpHandler (7) addr: 804F355A 15:04:37:375 3176 DetectCureTDL3: IrpHandler ( addr: 804F355A 15:04:37:375 3176 DetectCureTDL3: IrpHandler (9) addr: F75FF2E2 15:04:37:375 3176 DetectCureTDL3: IrpHandler (10) addr: 804F355A 15:04:37:375 3176 DetectCureTDL3: IrpHandler (11) addr: 804F355A 15:04:37:375 3176 DetectCureTDL3: IrpHandler (12) addr: 804F355A 15:04:37:375 3176 DetectCureTDL3: IrpHandler (13) addr: 804F355A 15:04:37:375 3176 DetectCureTDL3: IrpHandler (14) addr: F75FF3BB 15:04:37:375 3176 DetectCureTDL3: IrpHandler (15) addr: F7602F28 15:04:37:375 3176 DetectCureTDL3: IrpHandler (16) addr: F75FF2E2 15:04:37:375 3176 DetectCureTDL3: IrpHandler (17) addr: 804F355A 15:04:37:375 3176 DetectCureTDL3: IrpHandler (18) addr: 804F355A 15:04:37:375 3176 DetectCureTDL3: IrpHandler (19) addr: 804F355A 15:04:37:375 3176 DetectCureTDL3: IrpHandler (20) addr: 804F355A 15:04:37:375 3176 DetectCureTDL3: IrpHandler (21) addr: 804F355A 15:04:37:375 3176 DetectCureTDL3: IrpHandler (22) addr: F7600C82 15:04:37:375 3176 DetectCureTDL3: IrpHandler (23) addr: F760599E 15:04:37:375 3176 DetectCureTDL3: IrpHandler (24) addr: 804F355A 15:04:37:375 3176 DetectCureTDL3: IrpHandler (25) addr: 804F355A 15:04:37:375 3176 DetectCureTDL3: IrpHandler (26) addr: 804F355A 15:04:37:375 3176 TDL3_FileDetect: Processing driver: Disk 15:04:37:375 3176 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys 15:04:37:375 3176 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys 15:04:37:406 3176 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean 15:04:37:406 3176 15:04:37:406 3176 DetectCureTDL3: DEVICE_OBJECT: 85BF9AB8 15:04:37:406 3176 KLMD_GetLowerDeviceObject: Trying to get lower device object for 85BF9AB8 15:04:37:406 3176 DetectCureTDL3: DEVICE_OBJECT: 86552910 15:04:37:406 3176 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86552910 15:04:37:406 3176 DetectCureTDL3: DEVICE_OBJECT: 86530028 15:04:37:406 3176 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86530028 15:04:37:406 3176 KLMD_ReadMem: Trying to ReadMemory 0x86530028[0x38] 15:04:37:406 3176 DetectCureTDL3: DRIVER_OBJECT: 8656EF38 15:04:37:406 3176 KLMD_ReadMem: Trying to ReadMemory 0x8656EF38[0xA8] 15:04:37:406 3176 KLMD_ReadMem: Trying to ReadMemory 0xE1004DA0[0x1C] 15:04:37:406 3176 DetectCureTDL3: DRIVER_OBJECT name: \Driver\iastor, Driver Name: iastor 15:04:37:406 3176 DetectCureTDL3: IrpHandler (0) addr: F735892E 15:04:37:406 3176 DetectCureTDL3: IrpHandler (1) addr: 804F355A 15:04:37:406 3176 DetectCureTDL3: IrpHandler (2) addr: F735892E 15:04:37:406 3176 DetectCureTDL3: IrpHandler (3) addr: 804F355A 15:04:37:406 3176 DetectCureTDL3: IrpHandler (4) addr: 804F355A 15:04:37:406 3176 DetectCureTDL3: IrpHandler (5) addr: 804F355A 15:04:37:406 3176 DetectCureTDL3: IrpHandler (6) addr: 804F355A 15:04:37:406 3176 DetectCureTDL3: IrpHandler (7) addr: 804F355A 15:04:37:406 3176 DetectCureTDL3: IrpHandler ( addr: 804F355A 15:04:37:406 3176 DetectCureTDL3: IrpHandler (9) addr: 804F355A 15:04:37:406 3176 DetectCureTDL3: IrpHandler (10) addr: 804F355A 15:04:37:406 3176 DetectCureTDL3: IrpHandler (11) addr: 804F355A 15:04:37:406 3176 DetectCureTDL3: IrpHandler (12) addr: 804F355A 15:04:37:406 3176 DetectCureTDL3: IrpHandler (13) addr: 804F355A 15:04:37:406 3176 DetectCureTDL3: IrpHandler (14) addr: F7355B28 15:04:37:406 3176 DetectCureTDL3: IrpHandler (15) addr: 8656E5B8 15:04:37:406 3176 DetectCureTDL3: IrpHandler (16) addr: 804F355A 15:04:37:406 3176 DetectCureTDL3: IrpHandler (17) addr: 804F355A 15:04:37:406 3176 DetectCureTDL3: IrpHandler (18) addr: 804F355A 15:04:37:406 3176 DetectCureTDL3: IrpHandler (19) addr: 804F355A 15:04:37:406 3176 DetectCureTDL3: IrpHandler (20) addr: 804F355A 15:04:37:406 3176 DetectCureTDL3: IrpHandler (21) addr: 804F355A 15:04:37:406 3176 DetectCureTDL3: IrpHandler (22) addr: F734D9D6 15:04:37:406 3176 DetectCureTDL3: IrpHandler (23) addr: F734CD68 15:04:37:406 3176 DetectCureTDL3: IrpHandler (24) addr: 804F355A 15:04:37:406 3176 DetectCureTDL3: IrpHandler (25) addr: 804F355A 15:04:37:406 3176 DetectCureTDL3: IrpHandler (26) addr: 804F355A 15:04:37:406 3176 TDL3_FileDetect: Processing driver: iastor 15:04:37:406 3176 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\iaStor.sys 15:04:37:406 3176 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\iaStor.sys 15:04:37:468 3176 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\iaStor.sys - Verdict: Clean 15:04:37:468 3176 15:04:37:468 3176 Completed 15:04:37:468 3176 15:04:37:468 3176 Results: 15:04:37:468 3176 Memory objects infected / cured / cured on reboot: 0 / 0 / 0 15:04:37:468 3176 Registry objects infected / cured / cured on reboot: 0 / 0 / 0 15:04:37:468 3176 File objects infected / cured / cured on reboot: 0 / 0 / 0 15:04:37:468 3176 15:04:37:468 3176 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000 15:04:37:468 3176 UtilityDeinit: KLMD(ARK) unloaded successfully Et rapport combofix ComboFix 10-01-20.06 - Jean Michel 23/01/2010 15:55:14.7.1 - x86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1014.686 [GMT 1:00] Lancé depuis: c:\documents and settings\Jean Michel\Bureau\ComboFix.exe Commutateurs utilisés :: c:\documents and settings\Jean Michel\Bureau\CFScript.txt AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0} . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ----- BITS: Il y a peut-être des sites infectés ----- hxxp://armmf.adobe.com . --------------- FCopy --------------- c:\windows\NiwradSoft Shell Pack\Backup\explorer.exe --> c:\windows\explorer.exe . ((((((((((((((((((((((((((((( Fichiers créés du 2009-12-23 au 2010-01-23 )))))))))))))))))))))))))))))))))))) . 2010-01-23 14:04 . 2010-01-23 14:04 -------- d-----w- C:\tdsskiller 2010-01-23 11:58 . 2010-01-23 12:04 -------- d-----w- C:\Gmer 2010-01-22 17:19 . 2010-01-22 17:19 -------- d-----w- c:\program files\Fichiers communs\DivX Shared 2010-01-22 17:19 . 2010-01-22 17:19 -------- d-----w- c:\program files\DivX 2010-01-21 17:52 . 2010-01-21 17:52 -------- d-----w- c:\documents and settings\Jean Michel\Local Settings\Application Data\ESET 2010-01-20 18:58 . 2010-01-20 18:58 -------- d-----w- c:\program files\Fichiers communs\Java 2010-01-20 17:25 . 2010-01-20 17:38 -------- d-----w- C:\Ad-Remover 2010-01-20 16:09 . 2010-01-21 08:14 -------- d-----w- C:\ToolBar SD 2010-01-20 14:25 . 2010-01-20 15:27 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2010-01-20 14:25 . 2009-03-30 09:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys 2010-01-20 14:25 . 2009-02-13 11:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2010-01-20 14:25 . 2009-02-13 11:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2010-01-20 14:25 . 2010-01-20 14:25 -------- d-----w- c:\program files\Avira 2010-01-20 14:25 . 2010-01-20 14:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2010-01-20 12:01 . 2010-01-20 12:01 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Malwarebytes 2010-01-20 11:51 . 2010-01-20 11:51 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\Malwarebytes 2010-01-20 11:51 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-01-20 11:51 . 2010-01-20 11:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-01-20 11:51 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-01-20 11:51 . 2010-01-20 11:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-01-20 10:20 . 2010-01-20 10:20 -------- d-----w- c:\program files\CCleaner 2010-01-19 21:31 . 2010-01-19 21:31 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET 2010-01-19 09:20 . 2010-01-19 09:20 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\ESET 2010-01-19 09:18 . 2010-01-19 09:18 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET 2010-01-19 08:54 . 2010-01-19 13:42 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\QuickScan 2010-01-19 07:12 . 2010-01-19 09:18 -------- d-----w- c:\program files\ESET 2010-01-17 21:34 . 2010-01-18 11:08 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\The Path 2010-01-16 18:29 . 2010-01-16 19:10 -------- d-----w- c:\program files\Postal2STP 2010-01-16 15:55 . 2010-01-16 15:55 -------- d-----w- c:\windows\system32\wbem\Repository 2010-01-16 15:48 . 2010-01-20 15:10 -------- d-----w- c:\program files\RegCleaner 2010-01-16 15:29 . 2010-01-16 15:29 -------- d-----w- C:\ProgramData 2010-01-16 15:29 . 2010-01-16 15:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts 2010-01-16 15:13 . 2010-01-16 15:13 -------- d-----w- c:\program files\Intel Corporation 2010-01-14 23:20 . 2010-01-14 23:20 -------- d-----w- c:\program files\Micro Application 2010-01-13 23:01 . 2010-01-13 23:01 0 ----a-w- c:\windows\PowerReg.dat 2010-01-13 20:35 . 2010-01-13 20:35 -------- d-----w- c:\program files\Hobbyist Software 2010-01-13 10:55 . 2008-02-15 11:49 184320 ----a-w- c:\windows\system32\igfxres.dll 2010-01-12 20:45 . 2010-01-19 15:28 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\uTorrent 2010-01-12 19:57 . 2010-01-12 19:57 98304 ----a-w- c:\windows\system32\CmdLineExt.dll 2010-01-12 12:06 . 2010-01-12 12:06 -------- d-----w- c:\program files\WinSCP 2010-01-12 07:35 . 2010-01-14 12:50 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2010-01-12 07:35 . 2010-01-14 12:51 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedBit 2010-01-12 07:35 . 2010-01-14 12:51 -------- d-----w- c:\program files\DAP 2010-01-11 20:54 . 2010-01-11 21:14 -------- d-----w- c:\program files\Ludi 2010-01-11 18:06 . 2010-01-11 18:06 -------- d-----w- c:\program files\Lavalys 2010-01-11 13:15 . 2000-07-14 22:00 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL 2010-01-10 14:09 . 2008-04-14 03:05 14720 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys 2010-01-10 14:09 . 2008-04-14 03:05 14720 ----a-w- c:\windows\system32\drivers\kbdhid.sys 2010-01-10 12:20 . 2010-01-10 12:20 -------- d-----w- c:\program files\Hp 2010-01-10 12:20 . 2010-01-11 12:47 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\HpUpdate 2010-01-10 12:20 . 2010-01-10 12:20 -------- d-----w- c:\windows\Hewlett-Packard 2010-01-10 11:37 . 2010-01-10 11:37 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters 2010-01-10 11:17 . 2010-01-10 11:17 -------- d-----w- c:\windows\system32\Adobe 2010-01-10 09:39 . 2009-12-14 11:33 53248 ----a-w- c:\windows\system32\CSVer.dll 2010-01-10 01:20 . 2010-01-10 01:20 -------- d-----w- c:\program files\Driver-Soft 2010-01-09 23:58 . 2010-01-18 18:38 -------- d--h--w- c:\windows\msdownld.tmp 2010-01-09 23:57 . 2010-01-09 23:57 -------- d-----w- c:\program files\DAEMON Tools Lite 2010-01-09 23:57 . 2010-01-11 16:47 -------- d-----w- c:\program files\SystemRequirementsLab 2010-01-09 23:57 . 2010-01-11 16:47 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\SystemRequirementsLab 2010-01-09 23:56 . 2010-01-09 23:56 -------- d-----w- c:\windows\Sun 2010-01-09 23:16 . 2010-01-09 23:16 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\igraal 2010-01-09 22:26 . 2010-01-10 14:15 -------- d-----w- c:\program files\Intel 2010-01-09 22:22 . 2010-01-09 22:22 -------- d-----w- C:\Intel 2010-01-09 21:03 . 2010-01-09 21:03 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\QUAD Utilities 2010-01-09 20:13 . 2010-01-09 23:59 -------- d-----w- C:\dxupdate 2010-01-09 12:19 . 2010-01-09 23:25 -------- d-----w- c:\windows\Logs 2010-01-09 11:50 . 2010-01-09 11:50 -------- d-----w- c:\program files\Microids 2010-01-08 20:55 . 2010-01-08 20:55 -------- d-----w- c:\documents and settings\Jean Michel\Local Settings\Application Data\Conduit 2010-01-08 20:55 . 2010-01-08 20:55 -------- d-----w- c:\program files\Alcohol Soft 2010-01-08 17:42 . 2010-01-17 16:27 -------- d-----w- c:\program files\Ubisoft 2010-01-08 17:41 . 2010-01-12 19:00 -------- d-----w- c:\program files\Fichiers communs\InstallShield 2010-01-08 16:14 . 2010-01-08 16:14 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\Uniblue 2010-01-08 16:11 . 2010-01-08 16:11 691696 ----a-w- c:\windows\system32\drivers\sptd.sys 2010-01-08 16:10 . 2010-01-09 23:57 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\DAEMON Tools Lite 2010-01-08 16:10 . 2010-01-08 16:10 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite 2010-01-06 11:18 . 2010-01-12 08:03 -------- d-----w- c:\program files\Internet Download Manager . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2010-01-23 14:59 . 2004-08-10 12:00 583322 ----a-w- c:\windows\system32\perfh00C.dat 2010-01-23 14:59 . 2004-08-10 12:00 123604 ----a-w- c:\windows\system32\perfc00C.dat 2010-01-23 00:05 . 2009-08-08 17:09 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\vlc 2010-01-22 16:36 . 2009-08-20 07:40 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\DMCache 2010-01-22 08:57 . 2009-12-21 08:09 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\IDM 2010-01-21 06:16 . 2009-12-10 10:56 -------- d-----w- c:\program files\Microsoft Silverlight 2010-01-20 18:59 . 2010-01-20 18:59 61440 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-26b58d07-n\decora-sse.dll 2010-01-20 18:59 . 2010-01-20 18:59 503808 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-26b58d07-n\msvcp71.dll 2010-01-20 18:59 . 2010-01-20 18:59 499712 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-26b58d07-n\jmc.dll 2010-01-20 18:59 . 2010-01-20 18:59 348160 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-26b58d07-n\msvcr71.dll 2010-01-20 18:59 . 2010-01-20 18:59 12800 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-26b58d07-n\decora-d3d.dll 2010-01-20 18:58 . 2010-01-20 18:58 315392 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-5edfc046-n\jogl.dll 2010-01-20 18:58 . 2010-01-20 18:58 20480 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-5edfc046-n\jogl_awt.dll 2010-01-20 18:58 . 2010-01-20 18:58 114688 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-5edfc046-n\jogl_cg.dll 2010-01-20 18:58 . 2010-01-20 18:58 20480 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\Deployment\SystemCache\6.0\45\4f710eed-58e2e8a8-n\gluegen-rt.dll 2010-01-20 18:58 . 2009-12-18 05:40 -------- d-----w- c:\program files\Java 2010-01-17 16:38 . 2009-12-20 08:26 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-01-16 20:05 . 2009-08-20 08:07 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\dvdcss 2010-01-14 00:00 . 2009-09-03 17:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2010-01-12 08:01 . 2010-01-12 07:57 3149032 ----a-w- c:\documents and settings\Jean Michel\Application Data\IDM\idmupdt.exe 2010-01-11 16:47 . 2010-01-11 16:47 247296 ----a-w- c:\documents and settings\Jean Michel\Application Data\SystemRequirementsLab\SRLProxy_srl_4_0_11_0_d_ind.dll 2010-01-11 16:47 . 2010-01-11 16:47 247296 ----a-w- c:\documents and settings\Jean Michel\Application Data\SystemRequirementsLab\SRLProxy_srl_4_0_11_0_c_ind.dll 2010-01-11 16:47 . 2010-01-11 16:47 247296 ----a-w- c:\documents and settings\Jean Michel\Application Data\SystemRequirementsLab\SRLProxy_srl_4_0_11_0_b_ind.dll 2010-01-11 16:47 . 2010-01-11 16:47 247296 ----a-w- c:\documents and settings\Jean Michel\Application Data\SystemRequirementsLab\SRLProxy_srl_4_0_11_0_a_ind.dll 2010-01-10 20:16 . 2009-12-20 09:09 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll 2010-01-10 12:23 . 2009-08-10 13:32 664 ----a-w- c:\windows\system32\d3d9caps.dat 2010-01-09 23:58 . 2009-08-09 06:57 -------- d-----w- c:\program files\ma-config.com 2010-01-09 23:58 . 2009-08-09 06:57 -------- d-----w- c:\documents and settings\All Users\Application Data\ma-config.com 2010-01-09 23:56 . 2009-09-03 17:59 -------- d-----w- c:\program files\Microsoft Works 2010-01-09 23:56 . 2009-08-08 17:11 -------- d-----w- c:\program files\AIDA32 - Personal System Information 2010-01-08 11:14 . 2010-01-08 11:14 138240 ----a-w- c:\documents and settings\Jean Michel\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_d.dll 2010-01-08 11:14 . 2010-01-08 11:14 138240 ----a-w- c:\documents and settings\Jean Michel\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_c.dll 2010-01-08 11:14 . 2010-01-08 11:14 138240 ----a-w- c:\documents and settings\Jean Michel\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_b.dll 2010-01-08 11:14 . 2010-01-08 11:14 138240 ----a-w- c:\documents and settings\Jean Michel\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_a.dll 2010-01-06 11:19 . 2010-01-06 11:19 198064 ----a-w- c:\documents and settings\Jean Michel\Application Data\IDM\idmmzcc3\components\idmmzcc.dll 2010-01-06 09:27 . 2009-08-08 17:00 70016 ----a-w- c:\documents and settings\Jean Michel\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-12-22 05:08 . 2004-08-10 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll 2009-12-18 07:45 . 2009-12-18 07:45 161 ----a-w- C:\ipodpos.dll 2009-12-18 05:40 . 2009-12-18 05:40 152576 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\jre1.6.0_17\lzma.dll 2009-12-18 05:38 . 2009-12-18 05:38 79488 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll 2009-12-17 16:14 . 2009-12-18 05:41 411368 ----a-w- c:\windows\system32\deploytk.dll 2009-12-17 15:13 . 2009-12-17 15:13 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\GHISLER 2009-12-17 12:42 . 2009-12-17 12:42 25214 ----a-r- c:\documents and settings\Jean Michel\Application Data\Microsoft\Installer\{495B6040-801F-474C-ADB8-309F132CF5F9}\_29D232B856F0A1CBA486B8.exe 2009-12-17 12:42 . 2009-12-17 12:42 10398 ----a-r- c:\documents and settings\Jean Michel\Application Data\Microsoft\Installer\{495B6040-801F-474C-ADB8-309F132CF5F9}\_3324690356DD71877A1B6A.exe 2009-12-17 12:42 . 2009-12-17 12:42 -------- d-----w- c:\program files\iPhoneBrowser 2009-12-17 12:40 . 2009-12-17 12:40 -------- d-----w- c:\program files\iPhone Tunnel Suite 2.7 BETA 2009-12-17 12:18 . 2009-12-16 05:12 -------- d-----w- c:\program files\Pod to PC 2009-12-16 05:31 . 2009-12-16 05:31 -------- d-----w- c:\program files\iPhone Explorer 2009-12-14 06:49 . 2009-12-14 06:49 -------- d-----w- c:\program files\Windows Media Connect 2 2009-12-14 05:26 . 2009-08-09 07:18 -------- d-----w- c:\program files\Messenger Plus! Live 2009-12-11 19:32 . 2009-12-10 08:57 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\Apple Computer 2009-12-10 13:32 . 2009-08-20 14:09 -------- d-----w- c:\program files\Webtarot 2009-12-10 12:36 . 2004-08-10 12:00 219648 ----a-w- c:\windows\system32\uxtheme.dll 2009-12-10 11:49 . 2009-12-10 11:49 -------- d-----w- c:\program files\Fichiers communs\Adobe 2009-12-10 10:56 . 2009-12-10 10:54 -------- d-----w- c:\program files\Microsoft 2009-12-10 10:56 . 2009-08-09 07:14 -------- d-----w- c:\program files\Windows Live 2009-12-10 10:55 . 2009-12-10 10:55 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition 2009-12-10 09:01 . 2009-12-10 09:01 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_netaapl_01005.Wdf 2009-12-10 09:01 . 2009-12-10 09:01 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf 2009-12-10 08:59 . 2009-12-10 08:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple 2009-12-10 08:57 . 2009-12-10 08:56 -------- d-----w- c:\program files\iTunes 2009-12-10 08:57 . 2009-12-10 08:56 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} 2009-12-10 08:56 . 2009-12-10 08:56 -------- d-----w- c:\program files\iPod 2009-12-10 08:56 . 2009-12-10 08:54 -------- d-----w- c:\program files\Fichiers communs\Apple 2009-12-10 08:56 . 2009-12-10 08:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer 2009-12-10 08:56 . 2009-12-10 08:56 -------- d-----w- c:\program files\Bonjour 2009-12-10 08:56 . 2009-12-10 08:55 -------- d-----w- c:\program files\QuickTime 2009-12-10 08:55 . 2009-12-10 08:55 -------- d-----w- c:\program files\Apple Software Update 2009-12-09 16:11 . 2009-11-01 08:41 -------- d-----w- c:\program files\OrangeHSS 2009-11-21 15:58 . 2004-08-10 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll 2009-10-29 05:25 . 2006-03-04 03:35 671232 ------w- c:\windows\system32\wininet.dll . ((((((((((((((((((((((((((((( SnapShot@2010-01-23_12.34.49 ))))))))))))))))))))))))))))))))))))))))) . + 2010-01-23 15:01 . 2010-01-23 15:01 16384 c:\windows\temp\Perflib_Perfdata_15c.dat + 2004-08-10 12:00 . 2010-01-23 14:59 490892 c:\windows\system32\perfh009.dat + 2004-08-10 12:00 . 2010-01-23 14:59 101206 c:\windows\system32\perfc009.dat + 2004-08-10 12:00 . 2008-04-14 02:34 1037824 c:\windows\system32\dllcache\explorer.exe . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "lxdrmon.exe"="c:\program files\Lexmark 4900 Series\lxdrmon.exe" [2008-05-21 676520] "EzPrint"="c:\program files\Lexmark 4900 Series\ezprint.exe" [2008-05-21 131752] "ORAHSSSessionManager"="c:\program files\OrangeHSS\SessionManager\SessionManager.exe" [2007-12-12 107248] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696] "Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288] "SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-01-11 246504] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount] 2009-04-24 03:16 203928 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt] 2009-03-02 12:08 209153 ----a-w- c:\program files\Avira\AntiVir Desktop\avgnt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] 2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui] 2008-10-24 20:50 1451264 ----a-w- c:\program files\ESET\ESET Smart Security\egui.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2008-04-14 02:34 1695232 ------w- c:\program files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2007-03-09 16:53 153136 ----a-w- c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "ekrn"=2 (0x2) "EhttpSrv"=3 (0x3) "AntiVirService"=2 (0x2) "AntiVirSchedulerService"=2 (0x2) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\WINDOWS\\system32\\lxdrcoms.exe"= "c:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\iPhone Tunnel Suite 2.7 BETA\\iTunnel\\iTunnel.exe"= "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"= R2 lxdr_device;lxdr_device;c:\windows\system32\lxdrcoms.exe -service --> c:\windows\system32\lxdrcoms.exe -service [?] S3 gtermddo;gtermddo;\??\c:\docume~1\JEANMI~1\LOCALS~1\Temp\gtermddo.sys --> c:\docume~1\JEANMI~1\LOCALS~1\Temp\gtermddo.sys [?] S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [17/12/2009 19:00 243056] S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [10/12/2009 09:54 17408] S4 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [20/01/2010 15:25 108289] S4 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [21/12/2007 09:21 468224] S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [08/01/2010 17:11 691696] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://google.fr/ mWindow Title = uInternet Settings,ProxyOverride = *.local IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: Télécharger avec IDM - c:\program files\Internet Download Manager\IEExt.htm IE: Télécharger le contenu de video FLV avec IDM - c:\program files\Internet Download Manager\IEGetVL.htm IE: Télécharger tous les liens avec IDM - c:\program files\Internet Download Manager\IEGetAll.htm Trusted Zone: mappy.com Trusted Zone: orange.fr Trusted Zone: voila.fr\rw.search.ke Trusted Zone: weborama.fr\orange . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-01-23 16:02 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x865E7150]<< kernel: MBR read successfully detected MBR rootkit hooks: \Driver\Disk -> CLASSPNP.SYS @ 0xf7602f28 \Driver\ACPI -> ACPI.sys @ 0xf7474cb8 \Driver\atapi -> atapi.sys @ 0xf73f4852 \Driver\iaStor -> 0x865e7150 IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022 ParseProcedure -> ntkrnlpa.exe @ 0x80577c84 \Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022 ParseProcedure -> ntkrnlpa.exe @ 0x80577c84 NDIS: Réseau local Broadcom 802.11b/g -> SendCompleteHandler -> NDIS.sys @ 0xf720ebb0 PacketIndicateHandler -> NDIS.sys @ 0xf721ba21 SendHandler -> NDIS.sys @ 0xf71f987b Warning: possible MBR rootkit infection ! user & kernel MBR OK ************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}] @Denied: (Full) (Everyone) "scansk"=hex(0):84,40,8c,45,6e,07,ad,4e,5e,50,66,e5,4e,a1,14,b5,15,c9,3d,34,9a, a3,b3,f4,1d,6c,fc,e7,3e,f5,c4,3a,fa,0d,63,14,87,17,41,38,00,00,00,00,00,00,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8b9f29eb-a9bc-4695-97ad-7603c028e8b0}] @Denied: (Full) (Everyone) "Model"=dword:00000130 "Therad"=dword:00000020 "MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26, 38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\ . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(912) c:\windows\system32\SETUPAPI.dll c:\windows\system32\sfc_os.dll c:\windows\system32\cscui.dll c:\windows\system32\COMRes.dll - - - - - - - > 'lsass.exe'(1044) c:\windows\system32\setupapi.dll c:\windows\system32\scecli.dll c:\windows\system32\psbase.dll - - - - - - - > 'explorer.exe'(3988) c:\windows\system32\COMRes.dll c:\windows\System32\cscui.dll c:\windows\system32\msi.dll c:\windows\system32\SETUPAPI.dll c:\windows\system32\NETSHELL.dll c:\windows\system32\credui.dll c:\windows\system32\eappprxy.dll c:\windows\system32\WPDShServiceObj.dll c:\program files\WinSCP\DragExt.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Autres processus actifs ------------------------ . c:\windows\system32\igfxsrvc.exe c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\eHome\ehRecvr.exe c:\windows\eHome\ehSched.exe c:\progra~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\lxdrcoms.exe c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe c:\windows\ehome\mcrdsvc.exe c:\program files\Fichiers communs\Ahead\Lib\NMIndexingService.exe c:\program files\iPod\bin\iPodService.exe c:\program files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe c:\windows\system32\dllhost.exe c:\windows\system32\wscntfy.exe c:\windows\system32\wbem\wmiapsrv.exe . ************************************************************************** . Heure de fin: 2010-01-23 16:06:36 - La machine a redémarré ComboFix-quarantined-files.txt 2010-01-23 15:06 ComboFix2.txt 2010-01-23 14:29 ComboFix3.txt 2010-01-23 12:39 ComboFix4.txt 2010-01-23 10:53 ComboFix5.txt 2010-01-23 14:50 Avant-CF: 18 813 911 040 octets libres Après-CF: 18 777 800 704 octets libres - - End Of File - - 07F5A58E1E38A6861BEAF4F13505D9F3

encore merci pear pour ta patience.

rapport gmer qui ne trouve rien: GMER 1.0.15.15281 - http://www.gmer.net Rootkit scan 2010-01-23 13:20:45 Windows 5.1.2600 Service Pack 3 Running: gmer.exe; Driver: C:\DOCUME~1\JEANMI~1\LOCALS~1\Temp\uwtdipod.sys ---- Modules - GMER 1.0.15 ---- Module imagesrv.sys (Nero Image Server/Ahead Software AG) F749D000-F74BD000 (131072 bytes) Module sfsync04.sys (FrontLine Synchronization Driver/Protection Technology (StarForce)) F744B000-F745D000 (73728 bytes) Module iaStor.sys (Intel Matrix Storage Manager driver - ia32/Intel Corporation) F7314000-F73EE000 (892928 bytes) Module imagedrv.sys (NERO IMAGEDRIVE SCSI miniport/Ahead Software AG) F7AC4000-F7AC6000 (8192 bytes) Module cercsr6.sys (DELL CERC SATA1.5/6ch Miniport Driver/Adaptec, Inc.) F784E000-F7856000 (32768 bytes) Module Combo-Fix.sys F760E000-F761D000 (61440 bytes) Module sfvfs02.sys (FrontLine VFS Driver/Protection Technology (StarForce)) F71E2000-F71F9000 (94208 bytes) Module sfhlp02.sys (FrontLine Helper Driver/Protection Technology (StarForce)) F785E000-F7866000 (32768 bytes) Module sfdrv01.sys (FrontLine Environment Driver/Protection Technology (StarForce)) F71D0000-F71E2000 (73728 bytes) Module \SystemRoot\system32\DRIVERS\cpqbttn.sys (HP Tablet PC Key Button HID Driver/Hewlett-Packard Development Company, L.P.) BA0EA000-BA0ED000 (12288 bytes) Module \SystemRoot\system32\DRIVERS\igxpmp32.sys (Intel Graphics Miniport Driver/Intel Corporation) B9152000-B96E8000 (5857280 bytes) Module \SystemRoot\system32\DRIVERS\HDAudBus.sys (High Definition Audio Bus Driver v1.0a/Windows ® Server 2003 DDK provider) B9116000-B913E000 (163840 bytes) Module \SystemRoot\system32\DRIVERS\RTL8139.SYS (Realtek RTL8139 NDIS 5.0 Driver/Realtek Semiconductor Corporation) F7946000-F794C000 (24576 bytes) Module \SystemRoot\system32\DRIVERS\Epfwndis.sys (Eset Personal Firewall NDIS filter/ESET) F774E000-F7759000 (45056 bytes) Module \SystemRoot\system32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.) F7966000-F796B000 (20480 bytes) Module \SystemRoot\system32\drivers\CHDAud.sys (High Definition Audio Function Driver/Conexant Systems Inc.) A2A1F000-A2AB8000 (626688 bytes) Module \SystemRoot\system32\DRIVERS\HSFHWAZL.sys (HSF_HWAZL WDM driver/Conexant Systems, Inc.) A29C7000-A29FB000 (212992 bytes) Module \SystemRoot\system32\DRIVERS\HSF_DPV.sys (HSF_DP driver/Conexant Systems, Inc.) A28D5000-A29C7000 (991232 bytes) Module \SystemRoot\system32\DRIVERS\HSF_CNXT.sys (HSF_CNXT driver/Conexant Systems, Inc.) A2822000-A28D5000 (733184 bytes) Module \SystemRoot\system32\DRIVERS\easdrv.sys (Eset AntiStealth driver/ESET) B4CDA000-B4CE9000 (61440 bytes) Module \SystemRoot\system32\DRIVERS\epfwtdi.sys (Eset Personal Firewall TDI filter/ESET) A209A000-A20AC000 (73728 bytes) Module \SystemRoot\system32\DRIVERS\ssmdrv.sys (AVIRA SnapShot Driver/Avira GmbH) B2CE5000-B2CEB000 (24576 bytes) Module \SystemRoot\system32\DRIVERS\avipbb.sys (Avira Driver for RootKit Detection/Avira GmbH) A1E8C000-A1EA8000 (114688 bytes) Module \??\C:\Program_Files\Avira\AntiVir_Desktop\avgio.sys (Avira AntiVir Support for Minifilter/Avira GmbH) F7AF0000-F7AF2000 (8192 bytes) Module \SystemRoot\System32\igxpgd32.dll (Intel Graphics 2D Driver/Intel Corporation) BF024000-BF04F000 (176128 bytes) Module \SystemRoot\System32\igxprd32.dll (Intel Graphics 2D Rotation Driver/Intel Corporation) BF012000-BF024000 (73728 bytes) Module \SystemRoot\System32\igxpdv32.DLL (Component GHAL Driver/Intel Corporation) BF04F000-BF1E7000 (1671168 bytes) Module \SystemRoot\System32\igxpdx32.DLL (DirectDraw® Driver for Intel® Graphics Technology/Intel Corporation) BF1E7000-BF47A000 (2699264 bytes) Module \SystemRoot\System32\ATMFD.DLL (Windows NT OpenType/Type 1 Font Driver/Adobe Systems Incorporated) BFFA0000-BFFE6000 (286720 bytes) Module \SystemRoot\system32\DRIVERS\avgntflt.sys (Avira Minifilter Driver/Avira GmbH) 94055000-94069000 (81920 bytes) Module \SystemRoot\system32\DRIVERS\epfw.sys (Eset Personal Firewall driver/ESET) 94041000-94055000 (81920 bytes) Module \SystemRoot\system32\DRIVERS\eamon.sys (Amon monitor/ESET) 93F77000-93FC4000 (315392 bytes) Module \SystemRoot\system32\DRIVERS\mdmxsdk.sys (Diagnostic Interface x86 Driver/Conexant) 93FD8000-93FDC000 (16384 bytes) Module \??\C:\ComboFix\catchme.sys F798E000-F7996000 (32768 bytes) Module \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS F7B44000-F7B46000 (8192 bytes) Module \??\C:\DOCUME~1\JEANMI~1\LOCALS~1\Temp\mbr.sys 9BC47000-9BC4D000 (24576 bytes) Module \SystemRoot\system32\DRIVERS\bcmwl5.sys (Broadcom 802.11 Network Adapter wireless driver/Broadcom Corporation) 93384000-93561000 (1953792 bytes) Module \??\C:\DOCUME~1\JEANMI~1\LOCALS~1\Temp\uwtdipod.sys (GMER) 9336D000-93384000 (94208 bytes) ---- Processes - GMER 1.0.15 ---- Process C:\WINDOWS\system32\spoolsv.exe (Spooler SubSystem App/Microsoft Corporation) 420 Library C:\WINDOWS\system32\lxdrlmpm.dll (Printer Communication System/ ) 0x51000000 Library C:\WINDOWS\system32\lxdrcomc.dll (Printer Communication System/ ) 0x65000000 Library C:\Program Files\Bonjour\mdnsNSP.dll (Bonjour Namespace Provider/Apple Inc.) 0x16080000 Library C:\WINDOWS\System32\spool\PRTPROCS\W32X86\lxdrdrpp.dll 0x10000000 Library C:\WINDOWS\System32\spool\PRTPROCS\W32X86\filterpipelineprintproc.dll (Print Filter Pipeline Proxy/Microsoft Corporation) 0x3F420000 Process C:\WINDOWS\eHome\ehRecvr.exe (Media Center Receiver Service/Microsoft Corporation) 536 Library C:\WINDOWS\system32\sbe.dll 0x1FF00000 Library C:\WINDOWS\system32\msdmo.dll 0x73600000 Process C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Mobile Device Service/Apple Inc.) 672 Library C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Mobile Device Service/Apple Inc.) 0x00400000 Process C:\Program Files\Bonjour\mDNSResponder.exe (Bonjour Service/Apple Inc.) 684 Library C:\Program Files\Bonjour\mDNSResponder.exe (Bonjour Service/Apple Inc.) 0x00400000 Process C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe (France Telecom SA) 792 Library C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe (France Telecom SA) 0x00400000 Library C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\IfHelper.dll (France Telecom SA) 0x10000000 Process C:\Program Files\Java\jre6\bin\jqs.exe (Java Quick Starter Service/Sun Microsystems, Inc.) 840 Library C:\Program Files\Java\jre6\bin\jqs.exe (Java Quick Starter Service/Sun Microsystems, Inc.) 0x00400000 Process C:\WINDOWS\system32\lxdrcoms.exe (Printer Communication System/ ) 904 Library C:\WINDOWS\system32\lxdrcoms.exe (Printer Communication System/ ) 0x00400000 Library C:\Program Files\Bonjour\mdnsNSP.dll (Bonjour Namespace Provider/Apple Inc.) 0x16080000 Process C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind iSCSI Target (Alcohol Edition)/Rocket Division Software) 1076 Library C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind iSCSI Target (Alcohol Edition)/Rocket Division Software) 0x00400000 Library C:\Program Files\Bonjour\mdnsNSP.dll (Bonjour Namespace Provider/Apple Inc.) 0x16080000 Process C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (RAID Monitor/Intel Corporation) 1372 Library C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (RAID Monitor/Intel Corporation) 0x00400000 Library C:\Program Files\Intel\Intel Matrix Storage Manager\ISDI.dll (Intel Storage Driver Interface Dynamic Lib/Intel Corporation) 0x10000000 Library C:\Program Files\Intel\Intel Matrix Storage Manager\FRA\PlugInRAID_FRA.dll (RAID Plug-in for Intel® Matrix Storage Console/Intel Corporation) 0x00910000 Process C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 1812 Library C:\Program Files\Bonjour\mdnsNSP.dll (Bonjour Namespace Provider/Apple Inc.) 0x16080000 Process C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 1852 Library C:\Program Files\Bonjour\mdnsNSP.dll (Bonjour Namespace Provider/Apple Inc.) 0x16080000 Process C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation) 1872 Library C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation) 0x00400000 Library C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) 0x10000000 Library C:\Program Files\Mozilla Firefox\sqlite3.dll (SQLite Database Library/sqlite.org) 0x00280000 Library C:\Program Files\Mozilla Firefox\MOZCRT19.dll (User-Generated Microsoft ® C/C++ Runtime Library/Mozilla Foundation) 0x78130000 Library C:\Program Files\Mozilla Firefox\js3250.dll (Netscape 32-bit JavaScript Module/Netscape Communications Corporation) 0x00300000 Library C:\Program Files\Mozilla Firefox\nspr4.dll (NSPR Library/Mozilla Foundation) 0x004E0000 Library C:\Program Files\Mozilla Firefox\smime3.dll (NSS S/MIME Library/Mozilla Foundation) 0x00510000 Library C:\Program Files\Mozilla Firefox\nss3.dll (NSS Base Library/Mozilla Foundation) 0x00530000 Library C:\Program Files\Mozilla Firefox\nssutil3.dll (NSS Utility Library/Mozilla Foundation) 0x005D0000 Library C:\Program Files\Mozilla Firefox\plc4.dll (PLC Library/Mozilla Foundation) 0x003F0000 Library C:\Program Files\Mozilla Firefox\plds4.dll (PLDS Library/Mozilla Foundation) 0x005F0000 Library C:\Program Files\Mozilla Firefox\ssl3.dll (NSS SSL Library/Mozilla Foundation) 0x00600000 Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000 Library C:\Program Files\Mozilla Firefox\xpcom.dll (Mozilla Foundation) 0x00620000 Library C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll (Mozilla Foundation) 0x01410000 Library C:\Documents and Settings\Jean Michel\Application Data\IDM\idmmzcc3\components\idmmzcc.dll (Internet Download Manager click catcher for Mozilla based browsers/Tonec Inc.) 0x01520000 Library C:\Program Files\Bonjour\mdnsNSP.dll (Bonjour Namespace Provider/Apple Inc.) 0x16080000 Library C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll (Mozilla Foundation) 0x01750000 Library C:\Program Files\Internet Download Manager\idmmkb.dll (Internet Download Manager module/Tonec Inc.) 0x03250000 Library C:\Program Files\Mozilla Firefox\softokn3.dll (NSS PKCS #11 Library/Mozilla Foundation) 0x03360000 Library C:\Program Files\Mozilla Firefox\nssdbm3.dll (Legacy Database Driver/Mozilla Foundation) 0x03390000 Library C:\Program Files\Mozilla Firefox\freebl3.dll (NSS freebl Library/Mozilla Foundation) 0x033B0000 Library C:\Program Files\Mozilla Firefox\nssckbi.dll (NSS Builtin Trusted Root CAs/Mozilla Foundation) 0x03400000 Library C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll 0x04F00000 Library C:\Program Files\Internet Download Manager\idmftype.dll (Internet Download Manager module/Tonec Inc.) 0x07430000 Process C:\WINDOWS\explorer.exe (Explorateur Windows/Microsoft Corporation) 2248 Library C:\Program Files\WinSCP\DragExt.dll (Drag&Drop shell extension for WinSCP (32-bit)/Martin Prikryl) 0x03250000 Library C:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll (Nero Digital Shell Extension/Nero AG) 0x10000000 Library C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll (PDF Shell Extension/Adobe Systems, Inc.) 0x00E60000 Library C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA 0x039E0000 Library C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll (Nero BackItUp/Nero AG) 0x045B0000 Library C:\Program Files\Avira\AntiVir Desktop\shlext.dll (AntiVirus context menu/Avira GmbH) 0x049C0000 Library C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll (Malwarebytes' Anti-Malware/Malwarebytes Corporation) 0x047C0000 Library C:\Program Files\ESET\ESET Smart Security\shellExt.dll (Shell Extension/ESET) 0x22000000 Library C:\Program Files\WinRAR\rarext.dll 0x04B20000 Library C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll (Cover Designer/Nero AG) 0x04ED0000 Library C:\Program Files\Internet Download Manager\idmmkb.dll (Internet Download Manager module/Tonec Inc.) 0x02F60000 Process C:\Program Files\Lexmark 4900 Series\lxdrmon.exe 2912 Library C:\Program Files\Lexmark 4900 Series\lxdrmon.exe 0x00400000 Library C:\Program Files\Lexmark 4900 Series\lxdrcfg.dll (config/Lexmark International) 0x10000000 Library C:\Program Files\Lexmark 4900 Series\lxdrscw.dll 0x00990000 Library C:\Program Files\Lexmark 4900 Series\lxdrdatr.dll 0x00A00000 Library C:\Program Files\Lexmark 4900 Series\lxdrDRS.dll 0x00A50000 Library C:\Program Files\Lexmark 4900 Series\lxdrcaps.dll 0x00B70000 Library C:\Program Files\Lexmark 4900 Series\lxdrcnv4.dll 0x00BB0000 Library C:\Program Files\Lexmark 4900 Series\lxdrmonr.dll (Lexmark R&D Corp.) 0x00E10000 Library C:\Program Files\Lexmark 4900 Series\lxdrcomc.dll (Printer Communication System/ ) 0x65000000 Process C:\Program Files\Lexmark 4900 Series\ezprint.exe (Lexmark Fast Pics Application/Lexmark International Inc.) 2940 Library C:\Program Files\Lexmark 4900 Series\ezprint.exe (Lexmark Fast Pics Application/Lexmark International Inc.) 0x00400000 Library C:\Program Files\Lexmark 4900 Series\Epwizard.DLL (Lexmark Fast Pics Wizard Component DLL/Lexmark International Inc.) 0x10000000 Library C:\Program Files\Lexmark 4900 Series\customui.dll (Lexmark Fast Pics Customized GUI Component DLL/Lexmark International Inc.) 0x00330000 Library C:\Program Files\Lexmark 4900 Series\Eputil.DLL (Lexmark Fast Pics Utility Component DLL/Lexmark International Inc.) 0x00360000 Library C:\Program Files\Lexmark 4900 Series\Imagutil.DLL (Lexmark Fast Pics Image Utility Component DLL/Lexmark International Inc.) 0x00380000 Library C:\Program Files\Lexmark 4900 Series\Ltwvc215u.dll (Class Library Wrapper (Win32)/LEAD Technologies, Inc.) 0x00420000 Library C:\Program Files\Lexmark 4900 Series\Ltkrn15u.dll (Kernel (Win32)/LEAD Technologies, Inc.) 0x00650000 Library C:\Program Files\Lexmark 4900 Series\Ltdis15u.dll (Display kernel (Win32)/LEAD Technologies, Inc.) 0x006D0000 Library C:\Program Files\Lexmark 4900 Series\Ltfil15u.dll (Filter kernel (Win32)/LEAD Technologies, Inc.) 0x00710000 Library C:\Program Files\Lexmark 4900 Series\Ltimgclr15u.dll (Image processing (Color) (Win32)/LEAD Technologies, Inc.) 0x00740000 Library C:\Program Files\Lexmark 4900 Series\Ltimgutl15u.dll (Image processing (Utilites) (Win32)/LEAD Technologies, Inc.) 0x00780000 Library C:\Program Files\Lexmark 4900 Series\Epfunct.DLL (Lexmark Fast Pics Functional Utility DLL/Lexmark International Inc.) 0x007B0000 Library C:\Program Files\Lexmark 4900 Series\EPWizRes.dll (Lexmark Fast Pics Wizard Resource Component DLL/Lexmark International Inc.) 0x00F40000 Library C:\Program Files\Lexmark 4900 Series\epstring.dll (Lexmark Fast Pics String Dll Component/Lexmark International Inc.) 0x00DA0000 Library C:\Program Files\Lexmark 4900 Series\EPOEMDll.dll (Lexmark Fast Pics OEM Resources DLL/Lexmark International Inc.) 0x00DB0000 Library C:\Program Files\Lexmark 4900 Series\LTIMGCOR15U.DLL (Image processing (Core) (Win32)/LEAD Technologies, Inc.) 0x00DC0000 Library C:\Program Files\Lexmark 4900 Series\LTIMGSFX15U.DLL (Image processing (Special Effects) (Win32)/LEAD Technologies, Inc.) 0x01180000 Library C:\Program Files\Lexmark 4900 Series\LTIMGEFX15U.DLL (Image processing (Effects) (Win32)/LEAD Technologies, Inc.) 0x01200000 Library C:\Program Files\Lexmark 4900 Series\LTEFX15U.DLL (Special effects (Win32)/LEAD Technologies, Inc.) 0x01250000 Library C:\Program Files\Lexmark 4900 Series\iptk.dll 0x012A0000 Library C:\Program Files\Lexmark 4900 Series\PdfLib.dll (PDFlib - a library for generating PDF on the fly/PDFlib GmbH) 0x55300000 Library C:\Program Files\Lexmark 4900 Series\lxdrptp.dll 0x01A20000 Process C:\Program Files\iTunes\iTunesHelper.exe (iTunesHelper Module/Apple Inc.) 3008 Library C:\Program Files\iTunes\iTunesHelper.exe (iTunesHelper Module/Apple Inc.) 0x00400000 Library C:\Program Files\iTunes\iTunesHelper.Resources\fr.lproj\iTunesHelperLocalized.DLL (Bibliothèque de ressources iTunesHelper/Apple Inc.) 0x10000000 Library C:\Program Files\iTunes\iTunesHelper.Resources\iTunesHelper.DLL (iTunesHelper Resource Library/Apple Inc.) 0x00DD0000 Library C:\Program Files\QuickTime\QTSystem\QuickTime.qts (QuickTime/Apple Inc.) 0x66800000 Library C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\iTunesMobileDevice.dll (iTunesMobileDevice/Apple Inc.) 0x096B0000 Process C:\Gmer\gmer.exe 3044 Library C:\Gmer\gmer.exe 0x00400000 Library C:\Program Files\Internet Download Manager\idmmkb.dll (Internet Download Manager module/Tonec Inc.) 0x10000000 Process C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Java Update Scheduler/Sun Microsystems, Inc.) 3152 Library C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Java Update Scheduler/Sun Microsystems, Inc.) 0x00400000 Process C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe (hpwuSchd Application/Hewlett-Packard) 3168 Library C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe (hpwuSchd Application/Hewlett-Packard) 0x00400000 Process C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Event Monitor User Notification Tool/Intel Corporation) 3188 Library C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Event Monitor User Notification Tool/Intel Corporation) 0x00400000 Library C:\Program Files\Intel\Intel Matrix Storage Manager\ISDI.dll (Intel Storage Driver Interface Dynamic Lib/Intel Corporation) 0x10000000 Library C:\Program Files\Intel\Intel Matrix Storage Manager\FRA\IAAMon_FRA.dll (Event Monitor User Notification Tool/Intel Corporation) 0x003E0000 Process C:\WINDOWS\system32\igfxtray.exe (igfxTray Module/Intel Corporation) 3208 Library C:\WINDOWS\system32\igfxtray.exe (igfxTray Module/Intel Corporation) 0x00400000 Library C:\WINDOWS\system32\hccutils.DLL (hccutils Module/Intel Corporation) 0x10000000 Library C:\WINDOWS\system32\igfxsrvc.dll (igfxsrvc Module/Intel Corporation) 0x011B0000 Library C:\WINDOWS\system32\igfxres.dll (igfxres Module/Intel Corporation) 0x011D0000 Library C:\WINDOWS\system32\igfxress.dll (igfxress Module/Intel Corporation) 0x01210000 Process C:\WINDOWS\system32\hkcmd.exe (hkcmd Module/Intel Corporation) 3220 Library C:\WINDOWS\system32\hkcmd.exe (hkcmd Module/Intel Corporation) 0x00400000 Library C:\WINDOWS\system32\hccutils.DLL (hccutils Module/Intel Corporation) 0x10000000 Library C:\WINDOWS\system32\igfxsrvc.dll (igfxsrvc Module/Intel Corporation) 0x011B0000 Library C:\WINDOWS\system32\igfxres.dll (igfxres Module/Intel Corporation) 0x011E0000 Process C:\WINDOWS\system32\igfxpers.exe (persistence Module/Intel Corporation) 3236 Library C:\WINDOWS\system32\igfxpers.exe (persistence Module/Intel Corporation) 0x00400000 Library C:\WINDOWS\system32\igfxsrvc.dll (igfxsrvc Module/Intel Corporation) 0x10000000 Process C:\WINDOWS\system32\igfxsrvc.exe (igfxsrvc Module/Intel Corporation) 3276 Library C:\WINDOWS\system32\igfxsrvc.exe (igfxsrvc Module/Intel Corporation) 0x00400000 Library C:\WINDOWS\system32\igfxsrvc.dll (igfxsrvc Module/Intel Corporation) 0x10000000 Library C:\WINDOWS\system32\igfxdev.dll (igfxdev Module/Intel Corporation) 0x01270000 Process C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe (Nero Home/Nero AG) 3296 Library C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe (Nero Home/Nero AG) 0x00400000 Library C:\Program Files\Fichiers communs\Ahead\Lib\AdvrCntr2.dll (AdvrCntr Module/Nero AG) 0x10000000 Library C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingServicePS.dll (Nero Home/Nero AG) 0x012A0000 Library C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvrPS.dll (Nero Home/Nero AG) 0x012B0000 Library C:\Program Files\Fichiers communs\Ahead\Lib\NMDataServices.dll (Nero Home/Nero AG) 0x01700000 Process C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (Nero Home/Nero AG) 3532 Library C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (Nero Home/Nero AG) 0x00400000 Library C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingServicePS.dll (Nero Home/Nero AG) 0x10000000 Library C:\Program Files\Fichiers communs\Ahead\Lib\NMLogCxx.dll (Nero Home/Nero AG) 0x00690000 Library C:\Program Files\Fichiers communs\Ahead\Lib\log4cxx.dll (Log4cxx is C++ port of Log4j/Nero AG) 0x01650000 Library C:\Program Files\Fichiers communs\Ahead\Lib\NMDataServices.dll (Nero Home/Nero AG) 0x017D0000 Library C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvrPS.dll (Nero Home/Nero AG) 0x00F50000 Process C:\Program Files\iPod\bin\iPodService.exe (iPodService Module/Apple Inc.) 3764 Library C:\Program Files\iPod\bin\iPodService.exe (iPodService Module/Apple Inc.) 0x00400000 Library C:\Program Files\iPod\bin\iPodService.Resources\fr.lproj\iPodServiceLocalized.DLL (Bibliothèque de ressources iPodService/Apple Inc.) 0x10000000 Library C:\Program Files\iPod\bin\iPodService.Resources\iPodService.DLL (iPodService Resource Library/Apple Inc.) 0x008A0000 Process C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe (Nero Home/Nero AG) 3960 Library C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe (Nero Home/Nero AG) 0x00400000 Library C:\Program Files\Fichiers communs\Ahead\Lib\NMSQLDB.dll (Nero Home/Nero AG) 0x10000000 Library C:\Program Files\Fichiers communs\Ahead\Lib\NMLogCxx.dll (Nero Home/Nero AG) 0x003E0000 Library C:\Program Files\Fichiers communs\Ahead\Lib\log4cxx.dll (Log4cxx is C++ port of Log4j/Nero AG) 0x00C90000 Library C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingServicePS.dll (Nero Home/Nero AG) 0x00D60000 Library C:\Program Files\Fichiers communs\Ahead\Lib\NMCoFoundation.dll (Nero Home/Nero AG) 0x01A90000 Library C:\Program Files\Fichiers communs\Ahead\Lib\NMFullTextExtraction.dll (Nero Home/Nero AG) 0x01EC0000 Library C:\Program Files\Fichiers communs\Ahead\Lib\NMSearchPluginSimilarImages.dll (Nero Home/Nero AG) 0x01F40000 Library C:\Program Files\Fichiers communs\Ahead\Lib\NeroIPP.dll (Nero IPP Proxy/Nero AG) 0x01FB0000 Library C:\Program Files\Fichiers communs\Ahead\Lib\NMDataServices.dll (Nero Home/Nero AG) 0x022F0000 Library C:\WINDOWS\system32\msidntld.dll (Gestionnaire d'identité Microsoft/Microsoft Corporation) 0x030A0000 Library C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvrPS.dll (Nero Home/Nero AG) 0x00DC0000 ---- Services - GMER 1.0.15 ---- Service C:\Program Files\Avira\AntiVir Desktop\sched.exe (Antivirus Scheduler/Avira GmbH) [DISABLED] AntiVirSchedulerService Service C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Antivirus On-Access Service/Avira GmbH) [DISABLED] AntiVirService Service C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Mobile Device Service/Apple Inc.) [AUTO] Apple Mobile Device Service C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira AntiVir Support for Minifilter/Avira GmbH) [sYSTEM] avgio Service C:\WINDOWS\system32\DRIVERS\avgntflt.sys (Avira Minifilter Driver/Avira GmbH) [AUTO] avgntflt Service C:\WINDOWS\system32\DRIVERS\avipbb.sys (Avira Driver for RootKit Detection/Avira GmbH) [sYSTEM] avipbb Service C:\WINDOWS\system32\DRIVERS\bcmwl5.sys (Broadcom 802.11 Network Adapter wireless driver/Broadcom Corporation) [MANUAL] BCM43XX Service C:\Program Files\Bonjour\mDNSResponder.exe (Bonjour Service/Apple Inc.) [AUTO] Bonjour Service Service C:\ComboFix\catchme.sys [MANUAL] catchme Service (DELL CERC SATA1.5/6ch Miniport Driver/Adaptec, Inc.) [bOOT] cercsr6 Service C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys (Driver NT Ma-Config.com/CybelSoft) [MANUAL] driverhardwarev2 Service C:\WINDOWS\system32\DRIVERS\eamon.sys (Amon monitor/ESET) [AUTO] eamon Service C:\WINDOWS\system32\DRIVERS\easdrv.sys (Eset AntiStealth driver/ESET) [sYSTEM] easdrv Service C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe (Eset HTTP Server Service/ESET) [DISABLED] EhttpSrv Service C:\Program Files\ESET\ESET Smart Security\ekrn.exe (Eset Service/ESET) [DISABLED] ekrn Service C:\WINDOWS\system32\DRIVERS\epfw.sys (Eset Personal Firewall driver/ESET) [AUTO] epfw Service C:\WINDOWS\system32\DRIVERS\Epfwndis.sys (Eset Personal Firewall NDIS filter/ESET) [MANUAL] Epfwndis Service C:\WINDOWS\system32\DRIVERS\epfwtdi.sys (Eset Personal Firewall TDI filter/ESET) [sYSTEM] epfwtdi Service C:\Program Files\Fichiers communs\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe (France Telecom SA) [AUTO] FTRTSVC Service C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys (CD DVD Filter/GEAR Software Inc.) [MANUAL] GEARAspiWDM Service C:\DOCUME~1\JEANMI~1\LOCALS~1\Temp\gtermddo.sys [MANUAL] gtermddo Service C:\WINDOWS\system32\DRIVERS\cpqbttn.sys (HP Tablet PC Key Button HID Driver/Hewlett-Packard Development Company, L.P.) [MANUAL] HBtnKey Service C:\WINDOWS\system32\drivers\CHDAud.sys (High Definition Audio Function Driver/Conexant Systems Inc.) [MANUAL] HdAudAddService Service C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (High Definition Audio Bus Driver v1.0a/Windows ® Server 2003 DDK provider) [MANUAL] HDAudBus Service C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys (HSF_HWAZL WDM driver/Conexant Systems, Inc.) [MANUAL] HSFHWAZL Service C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys (HSF_DP driver/Conexant Systems, Inc.) [MANUAL] HSF_DPV Service C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (RAID Monitor/Intel Corporation) [AUTO] IAANTMON Service C:\WINDOWS\system32\DRIVERS\igxpmp32.sys (Intel Graphics Miniport Driver/Intel Corporation) [MANUAL] ialm Service C:\WINDOWS\system32\DRIVERS\iaStor.sys (Intel Matrix Storage Manager driver - ia32/Intel Corporation) [bOOT] iastor Service C:\WINDOWS\System32\Drivers\imagedrv.sys (NERO IMAGEDRIVE SCSI miniport/Ahead Software AG) [bOOT] imagedrv Service C:\WINDOWS\system32\DRIVERS\imagesrv.sys (Nero Image Server/Ahead Software AG) [bOOT] imagesrv Service C:\Program Files\iPod\bin\iPodService.exe (iPodService Module/Apple Inc.) [MANUAL] iPod Service Service C:\Program Files\Java\jre6\bin\jqs.exe (Java Quick Starter Service/Sun Microsystems, Inc.) [AUTO] JavaQuickStarterService Service C:\WINDOWS\system32\lxdrcoms.exe (Printer Communication System/ ) [AUTO] lxdr_device Service C:\Program Files\ma-config.com\maconfservice.exe (Service de détection matériel/CybelSoft) [MANUAL] maconfservice Service C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys (Diagnostic Interface x86 Driver/Conexant) [AUTO] mdmxsdk Service MSDTC Bridge 3.0.0.0 Service C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (Nero BackItUp/Nero AG) [MANUAL] NBService Service C:\WINDOWS\system32\DRIVERS\netaapl.sys (Apple Mobile Device Ethernet/Apple Inc.) [MANUAL] Netaapl Service C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (Nero Home/Nero AG) [MANUAL] NMIndexingService Service C:\WINDOWS\system32\PCAMPR5.SYS (PCAUSA NDIS 5.0 MPR Protocol Driver/Printing Communications Assoc., Inc. (PCAUSA)) [MANUAL] PCAMPR5 Service C:\WINDOWS\system32\PCANDIS5.SYS (PCAUSA NDIS 5.0 Protocol Driver/Printing Communications Assoc., Inc. (PCAUSA)) [MANUAL] PCANDIS5 Service C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.) [MANUAL] Ptilink Service C:\WINDOWS\System32\Drivers\PxHelp20.sys (Px Engine Device Driver for Windows 2000/XP/Sonic Solutions) [bOOT] PxHelp20 Service C:\WINDOWS\system32\DRIVERS\RTL8139.SYS (Realtek RTL8139 NDIS 5.0 Driver/Realtek Semiconductor Corporation) [MANUAL] rtl8139 Service C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision SECURITY Driver/Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [MANUAL] Secdrv Service ServiceModelEndpoint 3.0.0.0 Service ServiceModelOperation 3.0.0.0 Service ServiceModelService 3.0.0.0 Service C:\WINDOWS\System32\drivers\sfdrv01.sys (FrontLine Environment Driver/Protection Technology (StarForce)) [bOOT] sfdrv01 Service C:\WINDOWS\System32\drivers\sfhlp02.sys (FrontLine Helper Driver/Protection Technology (StarForce)) [bOOT] sfhlp02 Service C:\WINDOWS\System32\drivers\sfsync04.sys (FrontLine Synchronization Driver/Protection Technology (StarForce)) [bOOT] sfsync04 Service C:\WINDOWS\System32\drivers\sfvfs02.sys (FrontLine VFS Driver/Protection Technology (StarForce)) [bOOT] sfvfs02 Service SMSvcHost 3.0.0.0 Service C:\WINDOWS\System32\Drivers\sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) [DISABLED] sptd Service C:\WINDOWS\system32\DRIVERS\ssmdrv.sys (AVIRA SnapShot Driver/Avira GmbH) [sYSTEM] ssmdrv Service C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind iSCSI Target (Alcohol Edition)/Rocket Division Software) [AUTO] StarWindServiceAE Service C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple Mobile Device USB Driver/Apple, Inc.) [MANUAL] USBAAPL Service C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys (HSF_CNXT driver/Conexant Systems, Inc.) [MANUAL] winachsf Service Windows Workflow Foundation 3.0.0.0 ---- EOF - GMER 1.0.15 ---- et rapprt combofix qui detecte rootkit, grrrr. ComboFix 10-01-20.06 - Jean Michel 23/01/2010 13:28:11.5.1 - x86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1014.701 [GMT 1:00] Lancé depuis: c:\documents and settings\Jean Michel\Bureau\ComboFix.exe Commutateurs utilisés :: c:\documents and settings\Jean Michel\Bureau\CFScript.txt AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0} . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat c:\windows\system32\explorer.exe ----- BITS: Il y a peut-être des sites infectés ----- hxxp://armmf.adobe.com . --------------- FCopy --------------- c:\windows\NiwradSoft Shell Pack\Backup\comctl32.dll --> c:\windows\system32\comctl32.dll c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe --> c:\windows\system32\ntoskrnl.exe c:\windows\NiwradSoft Shell Pack\Backup\explorer.exe --> c:\windows\system32\explorer.exe . ((((((((((((((((((((((((((((( Fichiers créés du 2009-12-23 au 2010-01-23 )))))))))))))))))))))))))))))))))))) . 2010-01-23 11:58 . 2010-01-23 12:04 -------- d-----w- C:\Gmer 2010-01-22 17:19 . 2010-01-22 17:19 -------- d-----w- c:\program files\Fichiers communs\DivX Shared 2010-01-22 17:19 . 2010-01-22 17:19 -------- d-----w- c:\program files\DivX 2010-01-21 17:52 . 2010-01-21 17:52 -------- d-----w- c:\documents and settings\Jean Michel\Local Settings\Application Data\ESET 2010-01-20 18:58 . 2010-01-20 18:58 -------- d-----w- c:\program files\Fichiers communs\Java 2010-01-20 17:25 . 2010-01-20 17:38 -------- d-----w- C:\Ad-Remover 2010-01-20 16:09 . 2010-01-21 08:14 -------- d-----w- C:\ToolBar SD 2010-01-20 14:25 . 2010-01-20 15:27 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2010-01-20 14:25 . 2009-03-30 09:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys 2010-01-20 14:25 . 2009-02-13 11:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2010-01-20 14:25 . 2009-02-13 11:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2010-01-20 14:25 . 2010-01-20 14:25 -------- d-----w- c:\program files\Avira 2010-01-20 14:25 . 2010-01-20 14:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2010-01-20 12:01 . 2010-01-20 12:01 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Malwarebytes 2010-01-20 11:51 . 2010-01-20 11:51 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\Malwarebytes 2010-01-20 11:51 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-01-20 11:51 . 2010-01-20 11:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-01-20 11:51 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-01-20 11:51 . 2010-01-20 11:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-01-20 10:20 . 2010-01-20 10:20 -------- d-----w- c:\program files\CCleaner 2010-01-19 21:31 . 2010-01-19 21:31 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET 2010-01-19 09:20 . 2010-01-19 09:20 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\ESET 2010-01-19 09:18 . 2010-01-19 09:18 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET 2010-01-19 08:54 . 2010-01-19 13:42 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\QuickScan 2010-01-19 07:12 . 2010-01-19 09:18 -------- d-----w- c:\program files\ESET 2010-01-17 21:34 . 2010-01-18 11:08 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\The Path 2010-01-16 18:29 . 2010-01-16 19:10 -------- d-----w- c:\program files\Postal2STP 2010-01-16 15:55 . 2010-01-16 15:55 -------- d-----w- c:\windows\system32\wbem\Repository 2010-01-16 15:48 . 2010-01-20 15:10 -------- d-----w- c:\program files\RegCleaner 2010-01-16 15:29 . 2010-01-16 15:29 -------- d-----w- C:\ProgramData 2010-01-16 15:29 . 2010-01-16 15:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts 2010-01-16 15:13 . 2010-01-16 15:13 -------- d-----w- c:\program files\Intel Corporation 2010-01-14 23:20 . 2010-01-14 23:20 -------- d-----w- c:\program files\Micro Application 2010-01-13 23:01 . 2010-01-13 23:01 0 ----a-w- c:\windows\PowerReg.dat 2010-01-13 20:35 . 2010-01-13 20:35 -------- d-----w- c:\program files\Hobbyist Software 2010-01-13 10:55 . 2008-02-15 11:49 184320 ----a-w- c:\windows\system32\igfxres.dll 2010-01-12 20:45 . 2010-01-19 15:28 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\uTorrent 2010-01-12 19:57 . 2010-01-12 19:57 98304 ----a-w- c:\windows\system32\CmdLineExt.dll 2010-01-12 12:06 . 2010-01-12 12:06 -------- d-----w- c:\program files\WinSCP 2010-01-12 07:35 . 2010-01-14 12:50 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2010-01-12 07:35 . 2010-01-14 12:51 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedBit 2010-01-12 07:35 . 2010-01-14 12:51 -------- d-----w- c:\program files\DAP 2010-01-11 20:54 . 2010-01-11 21:14 -------- d-----w- c:\program files\Ludi 2010-01-11 18:06 . 2010-01-11 18:06 -------- d-----w- c:\program files\Lavalys 2010-01-11 13:15 . 2000-07-14 22:00 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL 2010-01-10 14:09 . 2008-04-14 03:05 14720 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys 2010-01-10 14:09 . 2008-04-14 03:05 14720 ----a-w- c:\windows\system32\drivers\kbdhid.sys 2010-01-10 12:20 . 2010-01-10 12:20 -------- d-----w- c:\program files\Hp 2010-01-10 12:20 . 2010-01-11 12:47 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\HpUpdate 2010-01-10 12:20 . 2010-01-10 12:20 -------- d-----w- c:\windows\Hewlett-Packard 2010-01-10 11:37 . 2010-01-10 11:37 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters 2010-01-10 11:17 . 2010-01-10 11:17 -------- d-----w- c:\windows\system32\Adobe 2010-01-10 09:39 . 2009-12-14 11:33 53248 ----a-w- c:\windows\system32\CSVer.dll 2010-01-10 01:20 . 2010-01-10 01:20 -------- d-----w- c:\program files\Driver-Soft 2010-01-09 23:58 . 2010-01-18 18:38 -------- d--h--w- c:\windows\msdownld.tmp 2010-01-09 23:57 . 2010-01-09 23:57 -------- d-----w- c:\program files\DAEMON Tools Lite 2010-01-09 23:57 . 2010-01-11 16:47 -------- d-----w- c:\program files\SystemRequirementsLab 2010-01-09 23:57 . 2010-01-11 16:47 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\SystemRequirementsLab 2010-01-09 23:56 . 2010-01-09 23:56 -------- d-----w- c:\windows\Sun 2010-01-09 23:16 . 2010-01-09 23:16 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\igraal 2010-01-09 22:26 . 2010-01-10 14:15 -------- d-----w- c:\program files\Intel 2010-01-09 22:22 . 2010-01-09 22:22 -------- d-----w- C:\Intel 2010-01-09 21:03 . 2010-01-09 21:03 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\QUAD Utilities 2010-01-09 20:13 . 2010-01-09 23:59 -------- d-----w- C:\dxupdate 2010-01-09 12:19 . 2010-01-09 23:25 -------- d-----w- c:\windows\Logs 2010-01-09 11:50 . 2010-01-09 11:50 -------- d-----w- c:\program files\Microids 2010-01-08 20:55 . 2010-01-08 20:55 -------- d-----w- c:\documents and settings\Jean Michel\Local Settings\Application Data\Conduit 2010-01-08 20:55 . 2010-01-08 20:55 -------- d-----w- c:\program files\Alcohol Soft 2010-01-08 17:42 . 2010-01-17 16:27 -------- d-----w- c:\program files\Ubisoft 2010-01-08 17:41 . 2010-01-12 19:00 -------- d-----w- c:\program files\Fichiers communs\InstallShield 2010-01-08 16:14 . 2010-01-08 16:14 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\Uniblue 2010-01-08 16:11 . 2010-01-08 16:11 691696 ----a-w- c:\windows\system32\drivers\sptd.sys 2010-01-08 16:10 . 2010-01-09 23:57 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\DAEMON Tools Lite 2010-01-08 16:10 . 2010-01-08 16:10 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite 2010-01-06 11:18 . 2010-01-12 08:03 -------- d-----w- c:\program files\Internet Download Manager . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2010-01-23 12:31 . 2004-08-10 12:00 581254 ----a-w- c:\windows\system32\perfh00C.dat 2010-01-23 12:31 . 2004-08-10 12:00 122432 ----a-w- c:\windows\system32\perfc00C.dat 2010-01-23 00:05 . 2009-08-08 17:09 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\vlc 2010-01-22 16:36 . 2009-08-20 07:40 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\DMCache 2010-01-22 08:57 . 2009-12-21 08:09 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\IDM 2010-01-21 06:16 . 2009-12-10 10:56 -------- d-----w- c:\program files\Microsoft Silverlight 2010-01-20 18:59 . 2010-01-20 18:59 61440 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-26b58d07-n\decora-sse.dll 2010-01-20 18:59 . 2010-01-20 18:59 503808 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-26b58d07-n\msvcp71.dll 2010-01-20 18:59 . 2010-01-20 18:59 499712 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-26b58d07-n\jmc.dll 2010-01-20 18:59 . 2010-01-20 18:59 348160 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-26b58d07-n\msvcr71.dll 2010-01-20 18:59 . 2010-01-20 18:59 12800 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-26b58d07-n\decora-d3d.dll 2010-01-20 18:58 . 2010-01-20 18:58 315392 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-5edfc046-n\jogl.dll 2010-01-20 18:58 . 2010-01-20 18:58 20480 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-5edfc046-n\jogl_awt.dll 2010-01-20 18:58 . 2010-01-20 18:58 114688 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-5edfc046-n\jogl_cg.dll 2010-01-20 18:58 . 2010-01-20 18:58 20480 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\Deployment\SystemCache\6.0\45\4f710eed-58e2e8a8-n\gluegen-rt.dll 2010-01-20 18:58 . 2009-12-18 05:40 -------- d-----w- c:\program files\Java 2010-01-17 16:38 . 2009-12-20 08:26 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-01-16 20:05 . 2009-08-20 08:07 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\dvdcss 2010-01-14 00:00 . 2009-09-03 17:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2010-01-12 08:01 . 2010-01-12 07:57 3149032 ----a-w- c:\documents and settings\Jean Michel\Application Data\IDM\idmupdt.exe 2010-01-11 16:47 . 2010-01-11 16:47 247296 ----a-w- c:\documents and settings\Jean Michel\Application Data\SystemRequirementsLab\SRLProxy_srl_4_0_11_0_d_ind.dll 2010-01-11 16:47 . 2010-01-11 16:47 247296 ----a-w- c:\documents and settings\Jean Michel\Application Data\SystemRequirementsLab\SRLProxy_srl_4_0_11_0_c_ind.dll 2010-01-11 16:47 . 2010-01-11 16:47 247296 ----a-w- c:\documents and settings\Jean Michel\Application Data\SystemRequirementsLab\SRLProxy_srl_4_0_11_0_b_ind.dll 2010-01-11 16:47 . 2010-01-11 16:47 247296 ----a-w- c:\documents and settings\Jean Michel\Application Data\SystemRequirementsLab\SRLProxy_srl_4_0_11_0_a_ind.dll 2010-01-10 20:16 . 2009-12-20 09:09 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll 2010-01-10 12:23 . 2009-08-10 13:32 664 ----a-w- c:\windows\system32\d3d9caps.dat 2010-01-09 23:58 . 2009-08-09 06:57 -------- d-----w- c:\program files\ma-config.com 2010-01-09 23:58 . 2009-08-09 06:57 -------- d-----w- c:\documents and settings\All Users\Application Data\ma-config.com 2010-01-09 23:56 . 2009-09-03 17:59 -------- d-----w- c:\program files\Microsoft Works 2010-01-09 23:56 . 2009-08-08 17:11 -------- d-----w- c:\program files\AIDA32 - Personal System Information 2010-01-08 11:14 . 2010-01-08 11:14 138240 ----a-w- c:\documents and settings\Jean Michel\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_d.dll 2010-01-08 11:14 . 2010-01-08 11:14 138240 ----a-w- c:\documents and settings\Jean Michel\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_c.dll 2010-01-08 11:14 . 2010-01-08 11:14 138240 ----a-w- c:\documents and settings\Jean Michel\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_b.dll 2010-01-08 11:14 . 2010-01-08 11:14 138240 ----a-w- c:\documents and settings\Jean Michel\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_a.dll 2010-01-06 11:19 . 2010-01-06 11:19 198064 ----a-w- c:\documents and settings\Jean Michel\Application Data\IDM\idmmzcc3\components\idmmzcc.dll 2010-01-06 09:27 . 2009-08-08 17:00 70016 ----a-w- c:\documents and settings\Jean Michel\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-12-22 05:08 . 2004-08-10 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll 2009-12-18 07:45 . 2009-12-18 07:45 161 ----a-w- C:\ipodpos.dll 2009-12-18 05:40 . 2009-12-18 05:40 152576 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\jre1.6.0_17\lzma.dll 2009-12-18 05:38 . 2009-12-18 05:38 79488 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll 2009-12-17 16:14 . 2009-12-18 05:41 411368 ----a-w- c:\windows\system32\deploytk.dll 2009-12-17 15:13 . 2009-12-17 15:13 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\GHISLER 2009-12-17 12:42 . 2009-12-17 12:42 25214 ----a-r- c:\documents and settings\Jean Michel\Application Data\Microsoft\Installer\{495B6040-801F-474C-ADB8-309F132CF5F9}\_29D232B856F0A1CBA486B8.exe 2009-12-17 12:42 . 2009-12-17 12:42 10398 ----a-r- c:\documents and settings\Jean Michel\Application Data\Microsoft\Installer\{495B6040-801F-474C-ADB8-309F132CF5F9}\_3324690356DD71877A1B6A.exe 2009-12-17 12:42 . 2009-12-17 12:42 -------- d-----w- c:\program files\iPhoneBrowser 2009-12-17 12:40 . 2009-12-17 12:40 -------- d-----w- c:\program files\iPhone Tunnel Suite 2.7 BETA 2009-12-17 12:18 . 2009-12-16 05:12 -------- d-----w- c:\program files\Pod to PC 2009-12-16 05:31 . 2009-12-16 05:31 -------- d-----w- c:\program files\iPhone Explorer 2009-12-14 06:49 . 2009-12-14 06:49 -------- d-----w- c:\program files\Windows Media Connect 2 2009-12-14 05:26 . 2009-08-09 07:18 -------- d-----w- c:\program files\Messenger Plus! Live 2009-12-11 19:32 . 2009-12-10 08:57 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\Apple Computer 2009-12-10 13:32 . 2009-08-20 14:09 -------- d-----w- c:\program files\Webtarot 2009-12-10 12:36 . 2004-08-10 12:00 219648 ----a-w- c:\windows\system32\uxtheme.dll 2009-12-10 11:49 . 2009-12-10 11:49 -------- d-----w- c:\program files\Fichiers communs\Adobe 2009-12-10 10:56 . 2009-12-10 10:54 -------- d-----w- c:\program files\Microsoft 2009-12-10 10:56 . 2009-08-09 07:14 -------- d-----w- c:\program files\Windows Live 2009-12-10 10:55 . 2009-12-10 10:55 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition 2009-12-10 09:01 . 2009-12-10 09:01 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_netaapl_01005.Wdf 2009-12-10 09:01 . 2009-12-10 09:01 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf 2009-12-10 08:59 . 2009-12-10 08:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple 2009-12-10 08:57 . 2009-12-10 08:56 -------- d-----w- c:\program files\iTunes 2009-12-10 08:57 . 2009-12-10 08:56 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} 2009-12-10 08:56 . 2009-12-10 08:56 -------- d-----w- c:\program files\iPod 2009-12-10 08:56 . 2009-12-10 08:54 -------- d-----w- c:\program files\Fichiers communs\Apple 2009-12-10 08:56 . 2009-12-10 08:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer 2009-12-10 08:56 . 2009-12-10 08:56 -------- d-----w- c:\program files\Bonjour 2009-12-10 08:56 . 2009-12-10 08:55 -------- d-----w- c:\program files\QuickTime 2009-12-10 08:55 . 2009-12-10 08:55 -------- d-----w- c:\program files\Apple Software Update 2009-12-09 16:11 . 2009-11-01 08:41 -------- d-----w- c:\program files\OrangeHSS 2009-11-21 15:58 . 2004-08-10 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll 2009-10-29 05:25 . 2006-03-04 03:35 671232 ------w- c:\windows\system32\wininet.dll . ------- Sigcheck ------- [-] 2008-04-14 . B45DA298E42C7A44BA96AED93B1D7359 . 1544704 . . [6.00.2900.5512] . . c:\windows\explorer.exe [7] 2008-04-14 . F2317622D29F9FF0F88AEECD5F60F0DD . 1037824 . . [6.00.2900.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\explorer.exe [-] 2008-04-14 . B45DA298E42C7A44BA96AED93B1D7359 . 1544704 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe [-] 2004-08-10 . 4C33E5B9A6197B6ED215F6CFBA0A2DAA . 1036288 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "lxdrmon.exe"="c:\program files\Lexmark 4900 Series\lxdrmon.exe" [2008-05-21 676520] "EzPrint"="c:\program files\Lexmark 4900 Series\ezprint.exe" [2008-05-21 131752] "ORAHSSSessionManager"="c:\program files\OrangeHSS\SessionManager\SessionManager.exe" [2007-12-12 107248] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696] "Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288] "SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-01-11 246504] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount] 2009-04-24 03:16 203928 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt] 2009-03-02 12:08 209153 ----a-w- c:\program files\Avira\AntiVir Desktop\avgnt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] 2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui] 2008-10-24 20:50 1451264 ----a-w- c:\program files\ESET\ESET Smart Security\egui.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2008-04-14 02:34 1695232 ------w- c:\program files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2007-03-09 16:53 153136 ----a-w- c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "ekrn"=2 (0x2) "EhttpSrv"=3 (0x3) "AntiVirService"=2 (0x2) "AntiVirSchedulerService"=2 (0x2) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\WINDOWS\\system32\\lxdrcoms.exe"= "c:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\iPhone Tunnel Suite 2.7 BETA\\iTunnel\\iTunnel.exe"= "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"= R2 lxdr_device;lxdr_device;c:\windows\system32\lxdrcoms.exe -service --> c:\windows\system32\lxdrcoms.exe -service [?] S3 gtermddo;gtermddo;\??\c:\docume~1\JEANMI~1\LOCALS~1\Temp\gtermddo.sys --> c:\docume~1\JEANMI~1\LOCALS~1\Temp\gtermddo.sys [?] S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [17/12/2009 19:00 243056] S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [10/12/2009 09:54 17408] S4 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [20/01/2010 15:25 108289] S4 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [21/12/2007 09:21 468224] S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [08/01/2010 17:11 691696] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://google.fr/ mWindow Title = uInternet Settings,ProxyOverride = *.local IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: Télécharger avec IDM - c:\program files\Internet Download Manager\IEExt.htm IE: Télécharger le contenu de video FLV avec IDM - c:\program files\Internet Download Manager\IEGetVL.htm IE: Télécharger tous les liens avec IDM - c:\program files\Internet Download Manager\IEGetAll.htm Trusted Zone: mappy.com Trusted Zone: orange.fr Trusted Zone: voila.fr\rw.search.ke Trusted Zone: weborama.fr\orange . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-01-23 13:35 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x865E7150]<< kernel: MBR read successfully detected MBR rootkit hooks: \Driver\Disk -> CLASSPNP.SYS @ 0xf7602f28 \Driver\ACPI -> ACPI.sys @ 0xf7474cb8 \Driver\atapi -> atapi.sys @ 0xf73f4852 \Driver\iaStor -> 0x865e7150 IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022 ParseProcedure -> ntkrnlpa.exe @ 0x80577c84 \Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022 ParseProcedure -> ntkrnlpa.exe @ 0x80577c84 NDIS: Réseau local Broadcom 802.11b/g -> SendCompleteHandler -> NDIS.sys @ 0xf720ebb0 PacketIndicateHandler -> NDIS.sys @ 0xf721ba21 SendHandler -> NDIS.sys @ 0xf71f987b Warning: possible MBR rootkit infection ! user & kernel MBR OK ************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}] @Denied: (Full) (Everyone) "scansk"=hex(0):84,40,8c,45,6e,07,ad,4e,5e,50,66,e5,4e,a1,14,b5,15,c9,3d,34,9a, a3,b3,f4,1d,6c,fc,e7,3e,f5,c4,3a,fa,0d,63,14,87,17,41,38,00,00,00,00,00,00,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8b9f29eb-a9bc-4695-97ad-7603c028e8b0}] @Denied: (Full) (Everyone) "Model"=dword:00000130 "Therad"=dword:00000020 "MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26, 38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\ . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(1276) c:\windows\system32\SETUPAPI.dll c:\windows\system32\sfc_os.dll c:\windows\system32\cscui.dll c:\windows\system32\COMRes.dll - - - - - - - > 'lsass.exe'(1412) c:\windows\system32\scecli.dll c:\windows\system32\SETUPAPI.dll c:\windows\system32\psbase.dll - - - - - - - > 'explorer.exe'(2648) c:\windows\system32\COMRes.dll c:\windows\System32\cscui.dll c:\windows\system32\msi.dll c:\windows\system32\SETUPAPI.dll c:\windows\system32\NETSHELL.dll c:\windows\system32\credui.dll c:\windows\system32\eappprxy.dll c:\windows\system32\WPDShServiceObj.dll c:\program files\WinSCP\DragExt.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Autres processus actifs ------------------------ . c:\windows\system32\igfxsrvc.exe c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\eHome\ehRecvr.exe c:\windows\eHome\ehSched.exe c:\progra~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\lxdrcoms.exe c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe c:\windows\ehome\mcrdsvc.exe c:\program files\Fichiers communs\Ahead\Lib\NMIndexingService.exe c:\program files\iPod\bin\iPodService.exe c:\program files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe c:\windows\system32\wscntfy.exe c:\windows\system32\dllhost.exe c:\windows\system32\wbem\wmiapsrv.exe . ************************************************************************** . Heure de fin: 2010-01-23 13:39:50 - La machine a redémarré ComboFix-quarantined-files.txt 2010-01-23 12:39 ComboFix2.txt 2010-01-23 10:53 ComboFix3.txt 2010-01-23 10:16 ComboFix4.txt 2010-01-23 09:30 ComboFix5.txt 2010-01-23 12:22 Avant-CF: 18 887 966 720 octets libres Après-CF: 18 846 121 984 octets libres - - End Of File - - 11B22F0152A07AE6C11E84D35BB1C15D

je viens de refaire la manip avec combofix, mbr ne change pas. Combo detecte tjrs rootkit ComboFix 10-01-20.06 - Jean Michel 23/01/2010 11:41:29.4.1 - x86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1014.668 [GMT 1:00] Lancé depuis: c:\documents and settings\Jean Michel\Bureau\ComboFix.exe Commutateurs utilisés :: c:\documents and settings\Jean Michel\Bureau\CFScript.txt AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0} . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\explorer.exe . --------------- FCopy --------------- c:\windows\NiwradSoft Shell Pack\Backup\winlogon.exe --> c:\windows\system32\winlogon.exe c:\windows\NiwradSoft Shell Pack\Backup\mshtml.dll --> c:\windows\system32\mshtml.dll c:\windows\NiwradSoft Shell Pack\Backup\user32.dll --> c:\windows\system32\user32.dll c:\windows\NiwradSoft Shell Pack\Backup\wininet.dll --> c:\windows\system32\wininet.dll c:\windows\NiwradSoft Shell Pack\Backup\explorer.exe --> c:\windows\system32\explorer.exe c:\windows\NiwradSoft Shell Pack\Backup\ctfmon.exe --> c:\windows\system32\ctfmon.exe c:\windows\NiwradSoft Shell Pack\Backup\ntkrnlpa.exe --> c:\windows\system32\ntkrnlpa.exe . ((((((((((((((((((((((((((((( Fichiers créés du 2009-12-23 au 2010-01-23 )))))))))))))))))))))))))))))))))))) . 2010-01-22 17:19 . 2010-01-22 17:19 -------- d-----w- c:\program files\Fichiers communs\DivX Shared 2010-01-22 17:19 . 2010-01-22 17:19 -------- d-----w- c:\program files\DivX 2010-01-21 17:52 . 2010-01-21 17:52 -------- d-----w- c:\documents and settings\Jean Michel\Local Settings\Application Data\ESET 2010-01-20 18:59 . 2010-01-20 18:59 61440 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-26b58d07-n\decora-sse.dll 2010-01-20 18:59 . 2010-01-20 18:59 503808 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-26b58d07-n\msvcp71.dll 2010-01-20 18:59 . 2010-01-20 18:59 499712 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-26b58d07-n\jmc.dll 2010-01-20 18:59 . 2010-01-20 18:59 348160 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-26b58d07-n\msvcr71.dll 2010-01-20 18:59 . 2010-01-20 18:59 12800 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-26b58d07-n\decora-d3d.dll 2010-01-20 18:58 . 2010-01-20 18:58 -------- d-----w- c:\program files\Fichiers communs\Java 2010-01-20 18:58 . 2010-01-20 18:58 315392 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-5edfc046-n\jogl.dll 2010-01-20 18:58 . 2010-01-20 18:58 20480 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-5edfc046-n\jogl_awt.dll 2010-01-20 18:58 . 2010-01-20 18:58 114688 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-5edfc046-n\jogl_cg.dll 2010-01-20 18:58 . 2010-01-20 18:58 20480 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\Deployment\SystemCache\6.0\45\4f710eed-58e2e8a8-n\gluegen-rt.dll 2010-01-20 17:25 . 2010-01-20 17:38 -------- d-----w- C:\Ad-Remover 2010-01-20 16:09 . 2010-01-21 08:14 -------- d-----w- C:\ToolBar SD 2010-01-20 14:25 . 2010-01-20 15:27 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2010-01-20 14:25 . 2009-03-30 09:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys 2010-01-20 14:25 . 2009-02-13 11:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2010-01-20 14:25 . 2009-02-13 11:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2010-01-20 14:25 . 2010-01-20 14:25 -------- d-----w- c:\program files\Avira 2010-01-20 14:25 . 2010-01-20 14:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2010-01-20 12:01 . 2010-01-20 12:01 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Malwarebytes 2010-01-20 11:51 . 2010-01-20 11:51 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\Malwarebytes 2010-01-20 11:51 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-01-20 11:51 . 2010-01-20 11:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-01-20 11:51 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-01-20 11:51 . 2010-01-20 11:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-01-20 10:20 . 2010-01-20 10:20 -------- d-----w- c:\program files\CCleaner 2010-01-19 21:31 . 2010-01-19 21:31 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET 2010-01-19 09:20 . 2010-01-19 09:20 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\ESET 2010-01-19 09:18 . 2010-01-19 09:18 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET 2010-01-19 08:54 . 2010-01-19 13:42 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\QuickScan 2010-01-19 07:12 . 2010-01-19 09:18 -------- d-----w- c:\program files\ESET 2010-01-17 21:34 . 2010-01-18 11:08 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\The Path 2010-01-16 18:29 . 2010-01-16 19:10 -------- d-----w- c:\program files\Postal2STP 2010-01-16 15:55 . 2010-01-16 15:55 -------- d-----w- c:\windows\system32\wbem\Repository 2010-01-16 15:48 . 2010-01-20 15:10 -------- d-----w- c:\program files\RegCleaner 2010-01-16 15:29 . 2010-01-16 15:29 -------- d-----w- C:\ProgramData 2010-01-16 15:29 . 2010-01-16 15:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts 2010-01-16 15:13 . 2010-01-16 15:13 -------- d-----w- c:\program files\Intel Corporation 2010-01-14 23:20 . 2010-01-14 23:20 -------- d-----w- c:\program files\Micro Application 2010-01-13 23:01 . 2010-01-13 23:01 0 ----a-w- c:\windows\PowerReg.dat 2010-01-13 20:35 . 2010-01-13 20:35 -------- d-----w- c:\program files\Hobbyist Software 2010-01-13 10:55 . 2008-02-15 11:49 184320 ----a-w- c:\windows\system32\igfxres.dll 2010-01-12 20:45 . 2010-01-19 15:28 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\uTorrent 2010-01-12 19:57 . 2010-01-12 19:57 98304 ----a-w- c:\windows\system32\CmdLineExt.dll 2010-01-12 12:06 . 2010-01-12 12:06 -------- d-----w- c:\program files\WinSCP 2010-01-12 07:57 . 2010-01-12 08:01 3149032 ----a-w- c:\documents and settings\Jean Michel\Application Data\IDM\idmupdt.exe 2010-01-12 07:35 . 2010-01-14 12:50 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2010-01-12 07:35 . 2010-01-14 12:51 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedBit 2010-01-12 07:35 . 2010-01-14 12:51 -------- d-----w- c:\program files\DAP 2010-01-11 20:54 . 2010-01-11 21:14 -------- d-----w- c:\program files\Ludi 2010-01-11 18:06 . 2010-01-11 18:06 -------- d-----w- c:\program files\Lavalys 2010-01-11 16:47 . 2010-01-11 16:47 247296 ----a-w- c:\documents and settings\Jean Michel\Application Data\SystemRequirementsLab\SRLProxy_srl_4_0_11_0_d_ind.dll 2010-01-11 16:47 . 2010-01-11 16:47 247296 ----a-w- c:\documents and settings\Jean Michel\Application Data\SystemRequirementsLab\SRLProxy_srl_4_0_11_0_c_ind.dll 2010-01-11 16:47 . 2010-01-11 16:47 247296 ----a-w- c:\documents and settings\Jean Michel\Application Data\SystemRequirementsLab\SRLProxy_srl_4_0_11_0_b_ind.dll 2010-01-11 16:47 . 2010-01-11 16:47 247296 ----a-w- c:\documents and settings\Jean Michel\Application Data\SystemRequirementsLab\SRLProxy_srl_4_0_11_0_a_ind.dll 2010-01-11 13:15 . 2000-07-14 22:00 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL 2010-01-10 14:09 . 2008-04-14 03:05 14720 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys 2010-01-10 14:09 . 2008-04-14 03:05 14720 ----a-w- c:\windows\system32\drivers\kbdhid.sys 2010-01-10 12:20 . 2010-01-10 12:20 -------- d-----w- c:\program files\Hp 2010-01-10 12:20 . 2010-01-11 12:47 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\HpUpdate 2010-01-10 12:20 . 2010-01-10 12:20 -------- d-----w- c:\windows\Hewlett-Packard 2010-01-10 11:37 . 2010-01-10 11:37 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters 2010-01-10 11:17 . 2010-01-10 11:17 -------- d-----w- c:\windows\system32\Adobe 2010-01-10 09:39 . 2009-12-14 11:33 53248 ----a-w- c:\windows\system32\CSVer.dll 2010-01-10 01:20 . 2010-01-10 01:20 -------- d-----w- c:\program files\Driver-Soft 2010-01-09 23:58 . 2010-01-18 18:38 -------- d--h--w- c:\windows\msdownld.tmp 2010-01-09 23:57 . 2010-01-09 23:57 -------- d-----w- c:\program files\DAEMON Tools Lite 2010-01-09 23:57 . 2010-01-11 16:47 -------- d-----w- c:\program files\SystemRequirementsLab 2010-01-09 23:57 . 2010-01-11 16:47 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\SystemRequirementsLab 2010-01-09 23:56 . 2010-01-09 23:56 -------- d-----w- c:\windows\Sun 2010-01-09 23:16 . 2010-01-09 23:16 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\igraal 2010-01-09 22:26 . 2010-01-10 14:15 -------- d-----w- c:\program files\Intel 2010-01-09 22:22 . 2010-01-09 22:22 -------- d-----w- C:\Intel 2010-01-09 21:03 . 2010-01-09 21:03 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\QUAD Utilities 2010-01-09 20:13 . 2010-01-09 23:59 -------- d-----w- C:\dxupdate 2010-01-09 12:19 . 2010-01-09 23:25 -------- d-----w- c:\windows\Logs 2010-01-09 11:50 . 2010-01-09 11:50 -------- d-----w- c:\program files\Microids 2010-01-08 20:55 . 2010-01-08 20:55 -------- d-----w- c:\documents and settings\Jean Michel\Local Settings\Application Data\Conduit 2010-01-08 20:55 . 2010-01-08 20:55 -------- d-----w- c:\program files\Alcohol Soft 2010-01-08 17:42 . 2010-01-17 16:27 -------- d-----w- c:\program files\Ubisoft 2010-01-08 17:41 . 2010-01-12 19:00 -------- d-----w- c:\program files\Fichiers communs\InstallShield 2010-01-08 16:14 . 2010-01-08 16:14 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\Uniblue 2010-01-08 16:11 . 2010-01-08 16:11 691696 ----a-w- c:\windows\system32\drivers\sptd.sys 2010-01-08 16:10 . 2010-01-09 23:57 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\DAEMON Tools Lite 2010-01-08 16:10 . 2010-01-08 16:10 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite 2010-01-08 11:14 . 2010-01-08 11:14 138240 ----a-w- c:\documents and settings\Jean Michel\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_d.dll 2010-01-08 11:14 . 2010-01-08 11:14 138240 ----a-w- c:\documents and settings\Jean Michel\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_c.dll 2010-01-08 11:14 . 2010-01-08 11:14 138240 ----a-w- c:\documents and settings\Jean Michel\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_b.dll 2010-01-08 11:14 . 2010-01-08 11:14 138240 ----a-w- c:\documents and settings\Jean Michel\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_a.dll 2010-01-06 11:19 . 2010-01-06 11:19 198064 ----a-w- c:\documents and settings\Jean Michel\Application Data\IDM\idmmzcc3\components\idmmzcc.dll 2010-01-06 11:18 . 2010-01-12 08:03 -------- d-----w- c:\program files\Internet Download Manager . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2010-01-23 10:44 . 2004-08-10 12:00 580220 ----a-w- c:\windows\system32\perfh00C.dat 2010-01-23 10:44 . 2004-08-10 12:00 121846 ----a-w- c:\windows\system32\perfc00C.dat 2010-01-23 00:05 . 2009-08-08 17:09 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\vlc 2010-01-22 16:36 . 2009-08-20 07:40 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\DMCache 2010-01-22 08:57 . 2009-12-21 08:09 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\IDM 2010-01-21 06:16 . 2009-12-10 10:56 -------- d-----w- c:\program files\Microsoft Silverlight 2010-01-20 18:58 . 2009-12-18 05:40 -------- d-----w- c:\program files\Java 2010-01-17 16:38 . 2009-12-20 08:26 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-01-16 20:05 . 2009-08-20 08:07 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\dvdcss 2010-01-14 00:00 . 2009-09-03 17:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2010-01-10 20:16 . 2009-12-20 09:09 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll 2010-01-10 12:23 . 2009-08-10 13:32 664 ----a-w- c:\windows\system32\d3d9caps.dat 2010-01-09 23:58 . 2009-08-09 06:57 -------- d-----w- c:\program files\ma-config.com 2010-01-09 23:58 . 2009-08-09 06:57 -------- d-----w- c:\documents and settings\All Users\Application Data\ma-config.com 2010-01-09 23:56 . 2009-09-03 17:59 -------- d-----w- c:\program files\Microsoft Works 2010-01-09 23:56 . 2009-08-08 17:11 -------- d-----w- c:\program files\AIDA32 - Personal System Information 2010-01-06 09:27 . 2009-08-08 17:00 70016 ----a-w- c:\documents and settings\Jean Michel\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-12-22 05:08 . 2004-08-10 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll 2009-12-18 07:45 . 2009-12-18 07:45 161 ----a-w- C:\ipodpos.dll 2009-12-18 05:40 . 2009-12-18 05:40 152576 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\jre1.6.0_17\lzma.dll 2009-12-18 05:38 . 2009-12-18 05:38 79488 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll 2009-12-17 16:14 . 2009-12-18 05:41 411368 ----a-w- c:\windows\system32\deploytk.dll 2009-12-17 15:13 . 2009-12-17 15:13 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\GHISLER 2009-12-17 12:42 . 2009-12-17 12:42 25214 ----a-r- c:\documents and settings\Jean Michel\Application Data\Microsoft\Installer\{495B6040-801F-474C-ADB8-309F132CF5F9}\_29D232B856F0A1CBA486B8.exe 2009-12-17 12:42 . 2009-12-17 12:42 10398 ----a-r- c:\documents and settings\Jean Michel\Application Data\Microsoft\Installer\{495B6040-801F-474C-ADB8-309F132CF5F9}\_3324690356DD71877A1B6A.exe 2009-12-17 12:42 . 2009-12-17 12:42 -------- d-----w- c:\program files\iPhoneBrowser 2009-12-17 12:40 . 2009-12-17 12:40 -------- d-----w- c:\program files\iPhone Tunnel Suite 2.7 BETA 2009-12-17 12:18 . 2009-12-16 05:12 -------- d-----w- c:\program files\Pod to PC 2009-12-16 05:31 . 2009-12-16 05:31 -------- d-----w- c:\program files\iPhone Explorer 2009-12-14 06:49 . 2009-12-14 06:49 -------- d-----w- c:\program files\Windows Media Connect 2 2009-12-14 05:26 . 2009-08-09 07:18 -------- d-----w- c:\program files\Messenger Plus! Live 2009-12-11 19:32 . 2009-12-10 08:57 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\Apple Computer 2009-12-10 13:32 . 2009-08-20 14:09 -------- d-----w- c:\program files\Webtarot 2009-12-10 12:36 . 2004-08-10 12:00 219648 ----a-w- c:\windows\system32\uxtheme.dll 2009-12-10 11:49 . 2009-12-10 11:49 -------- d-----w- c:\program files\Fichiers communs\Adobe 2009-12-10 10:56 . 2009-12-10 10:54 -------- d-----w- c:\program files\Microsoft 2009-12-10 10:56 . 2009-08-09 07:14 -------- d-----w- c:\program files\Windows Live 2009-12-10 10:55 . 2009-12-10 10:55 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition 2009-12-10 09:01 . 2009-12-10 09:01 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_netaapl_01005.Wdf 2009-12-10 09:01 . 2009-12-10 09:01 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf 2009-12-10 08:59 . 2009-12-10 08:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple 2009-12-10 08:57 . 2009-12-10 08:56 -------- d-----w- c:\program files\iTunes 2009-12-10 08:57 . 2009-12-10 08:56 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} 2009-12-10 08:56 . 2009-12-10 08:56 -------- d-----w- c:\program files\iPod 2009-12-10 08:56 . 2009-12-10 08:54 -------- d-----w- c:\program files\Fichiers communs\Apple 2009-12-10 08:56 . 2009-12-10 08:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer 2009-12-10 08:56 . 2009-12-10 08:56 -------- d-----w- c:\program files\Bonjour 2009-12-10 08:56 . 2009-12-10 08:55 -------- d-----w- c:\program files\QuickTime 2009-12-10 08:55 . 2009-12-10 08:55 -------- d-----w- c:\program files\Apple Software Update 2009-12-09 16:11 . 2009-11-01 08:41 -------- d-----w- c:\program files\OrangeHSS 2009-11-21 15:58 . 2004-08-10 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll 2009-10-29 05:25 . 2006-03-04 03:35 671232 ----a-w- c:\windows\system32\wininet.dll . ------- Sigcheck ------- [7] 2008-04-14 . B4AA331468315B6A174C3F0D5B3BC135 . 617472 . . [5.82] . . c:\windows\NiwradSoft Shell Pack\Backup\comctl32.dll [-] 2008-04-14 . BCC393F205C17911ED52870968336E8E . 643072 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll [-] 2008-04-14 . BCC393F205C17911ED52870968336E8E . 643072 . . [5.82] . . c:\windows\system32\comctl32.dll [-] 2004-08-10 . A53B48B5AB9A5DA76ED247D61B0B0ADD . 611328 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll [7] 2009-08-04 . 263FA3A73C588A26306D3B403A45F5A9 . 2191232 . . [5.1.2600.5857] . . c:\windows\Driver Cache\i386\ntoskrnl.exe [7] 2009-08-04 . 263FA3A73C588A26306D3B403A45F5A9 . 2191232 . . [5.1.2600.5857] . . c:\windows\NiwradSoft Shell Pack\Backup\ntoskrnl.exe [-] 2009-08-04 . D71FF6FAA532E7682B60563B102BE5FF . 2352384 . . [5.1.2600.5857] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe [-] 2009-08-04 . D71FF6FAA532E7682B60563B102BE5FF . 2352384 . . [5.1.2600.5857] . . c:\windows\system32\ntoskrnl.exe [-] 2009-08-04 . D71FF6FAA532E7682B60563B102BE5FF . 2352384 . . [5.1.2600.5857] . . c:\windows\system32\dllcache\ntoskrnl.exe [7] 2009-08-04 . 63864AF70CAC631077A6C1223617336B . 2191360 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe [7] 2009-02-10 . BEF458B8424553279E95E250D1E0CE7E . 2191232 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe [7] 2009-02-09 . B55AA66BC9269BC5257B915FFDAA790B . 2188160 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe [7] 2009-02-09 . AB896577F35CF5FED7A9F87D3C3205ED . 2191104 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe [-] 2008-04-14 . B45DA298E42C7A44BA96AED93B1D7359 . 1544704 . . [6.00.2900.5512] . . c:\windows\explorer.exe [7] 2008-04-14 . F2317622D29F9FF0F88AEECD5F60F0DD . 1037824 . . [6.00.2900.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\explorer.exe [-] 2008-04-14 . B45DA298E42C7A44BA96AED93B1D7359 . 1544704 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe [-] 2004-08-10 . 4C33E5B9A6197B6ED215F6CFBA0A2DAA . 1036288 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "lxdrmon.exe"="c:\program files\Lexmark 4900 Series\lxdrmon.exe" [2008-05-21 676520] "EzPrint"="c:\program files\Lexmark 4900 Series\ezprint.exe" [2008-05-21 131752] "ORAHSSSessionManager"="c:\program files\OrangeHSS\SessionManager\SessionManager.exe" [2007-12-12 107248] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696] "Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288] "SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-01-11 246504] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount] 2009-04-24 03:16 203928 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt] 2009-03-02 12:08 209153 ----a-w- c:\program files\Avira\AntiVir Desktop\avgnt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] 2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui] 2008-10-24 20:50 1451264 ----a-w- c:\program files\ESET\ESET Smart Security\egui.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2008-04-14 02:34 1695232 ------w- c:\program files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2007-03-09 16:53 153136 ----a-w- c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "ekrn"=2 (0x2) "EhttpSrv"=3 (0x3) "AntiVirService"=2 (0x2) "AntiVirSchedulerService"=2 (0x2) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\WINDOWS\\system32\\lxdrcoms.exe"= "c:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\iPhone Tunnel Suite 2.7 BETA\\iTunnel\\iTunnel.exe"= "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"= R2 lxdr_device;lxdr_device;c:\windows\system32\lxdrcoms.exe -service --> c:\windows\system32\lxdrcoms.exe -service [?] S3 gtermddo;gtermddo;\??\c:\docume~1\JEANMI~1\LOCALS~1\Temp\gtermddo.sys --> c:\docume~1\JEANMI~1\LOCALS~1\Temp\gtermddo.sys [?] S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [17/12/2009 19:00 243056] S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [10/12/2009 09:54 17408] S4 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [20/01/2010 15:25 108289] S4 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [21/12/2007 09:21 468224] S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [08/01/2010 17:11 691696] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://google.fr/ mWindow Title = uInternet Settings,ProxyOverride = *.local IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: Télécharger avec IDM - c:\program files\Internet Download Manager\IEExt.htm IE: Télécharger le contenu de video FLV avec IDM - c:\program files\Internet Download Manager\IEGetVL.htm IE: Télécharger tous les liens avec IDM - c:\program files\Internet Download Manager\IEGetAll.htm Trusted Zone: mappy.com Trusted Zone: orange.fr Trusted Zone: voila.fr\rw.search.ke Trusted Zone: weborama.fr\orange . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-01-23 11:47 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x865E7150]<< kernel: MBR read successfully detected MBR rootkit hooks: \Driver\Disk -> CLASSPNP.SYS @ 0xf7602f28 \Driver\ACPI -> ACPI.sys @ 0xf7474cb8 \Driver\atapi -> atapi.sys @ 0xf73f4852 \Driver\iaStor -> 0x865e7150 IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022 ParseProcedure -> ntkrnlpa.exe @ 0x80577c84 \Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022 ParseProcedure -> ntkrnlpa.exe @ 0x80577c84 NDIS: Carte réseau Fast Ethernet PCI Realtek RTL8139 Family -> SendCompleteHandler -> NDIS.sys @ 0xf720fbd4 PacketIndicateHandler -> NDIS.sys @ 0xf71fda0d SendHandler -> NDIS.sys @ 0xf7211b40 Warning: possible MBR rootkit infection ! user & kernel MBR OK ************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}] @Denied: (Full) (Everyone) "scansk"=hex(0):84,40,8c,45,6e,07,ad,4e,5e,50,66,e5,4e,a1,14,b5,15,c9,3d,34,9a, a3,b3,f4,1d,6c,fc,e7,3e,f5,c4,3a,fa,0d,63,14,87,17,41,38,00,00,00,00,00,00,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8b9f29eb-a9bc-4695-97ad-7603c028e8b0}] @Denied: (Full) (Everyone) "Model"=dword:00000130 "Therad"=dword:00000020 "MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26, 38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\ . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(1468) c:\windows\system32\SETUPAPI.dll c:\windows\system32\sfc_os.dll c:\windows\system32\cscui.dll c:\windows\system32\COMRes.dll - - - - - - - > 'lsass.exe'(1556) c:\windows\system32\scecli.dll c:\windows\system32\SETUPAPI.dll c:\windows\system32\psbase.dll - - - - - - - > 'explorer.exe'(2248) c:\windows\system32\COMRes.dll c:\windows\System32\cscui.dll c:\windows\system32\msi.dll c:\windows\system32\SETUPAPI.dll c:\windows\system32\NETSHELL.dll c:\windows\system32\credui.dll c:\windows\system32\eappprxy.dll c:\windows\system32\WPDShServiceObj.dll c:\program files\WinSCP\DragExt.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Autres processus actifs ------------------------ . c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\eHome\ehRecvr.exe c:\windows\eHome\ehSched.exe c:\progra~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\lxdrcoms.exe c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe c:\windows\ehome\mcrdsvc.exe c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe c:\windows\system32\dllhost.exe c:\windows\system32\wscntfy.exe c:\windows\system32\igfxsrvc.exe c:\program files\Fichiers communs\Ahead\Lib\NMIndexingService.exe c:\program files\iPod\bin\iPodService.exe c:\program files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe c:\windows\system32\wbem\wmiapsrv.exe . ************************************************************************** . Heure de fin: 2010-01-23 11:53:01 - La machine a redémarré ComboFix-quarantined-files.txt 2010-01-23 10:52 ComboFix2.txt 2010-01-23 10:16 ComboFix3.txt 2010-01-23 09:30 ComboFix4.txt 2010-01-21 18:05 Avant-CF: 18 929 225 728 octets libres Après-CF: 18 889 572 352 octets libres - - End Of File - - D64AD446B849F96DFE5F5E754244A42B

pour désactiver les antivirus, j'ai tapé msconfig dans exécuter, je suis allée sous l'onglet démarrage ensuite service mais apparemment ils restent toujours actifs.

Voici le rapport avec combofix, par contre mbr ne s'est pas installé ni lancé, il a juste fait un rapport que je met à la suite. ComboFix 10-01-20.06 - Jean Michel 23/01/2010 11:04:50.3.1 - x86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1014.669 [GMT 1:00] Lancé depuis: c:\documents and settings\Jean Michel\Bureau\ComboFix.exe Commutateurs utilisés :: c:\documents and settings\Jean Michel\Bureau\CFScript.txt AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} AV: ESET Smart Security 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0} . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\explorer.exe . --------------- FCopy --------------- c:\windows\NiwradSoft Shell Pack\Backup\winlogon.exe --> c:\windows\system32\winlogon.exe c:\windows\NiwradSoft Shell Pack\Backup\mshtml.dll --> c:\windows\system32\mshtml.dll c:\windows\NiwradSoft Shell Pack\Backup\user32.dll --> c:\windows\system32\user32.dll c:\windows\NiwradSoft Shell Pack\Backup\wininet.dll --> c:\windows\system32\wininet.dll c:\windows\NiwradSoft Shell Pack\Backup\explorer.exe --> c:\windows\system32\explorer.exe c:\windows\NiwradSoft Shell Pack\Backup\ctfmon.exe --> c:\windows\system32\ctfmon.exe c:\windows\NiwradSoft Shell Pack\Backup\ntkrnlpa.exe --> c:\windows\system32\ntkrnlpa.exe . ((((((((((((((((((((((((((((( Fichiers créés du 2009-12-23 au 2010-01-23 )))))))))))))))))))))))))))))))))))) . 2010-01-22 17:19 . 2010-01-22 17:19 -------- d-----w- c:\program files\Fichiers communs\DivX Shared 2010-01-22 17:19 . 2010-01-22 17:19 -------- d-----w- c:\program files\DivX 2010-01-21 17:52 . 2010-01-21 17:52 -------- d-----w- c:\documents and settings\Jean Michel\Local Settings\Application Data\ESET 2010-01-20 18:58 . 2010-01-20 18:58 -------- d-----w- c:\program files\Fichiers communs\Java 2010-01-20 17:25 . 2010-01-20 17:38 -------- d-----w- C:\Ad-Remover 2010-01-20 16:09 . 2010-01-21 08:14 -------- d-----w- C:\ToolBar SD 2010-01-20 14:25 . 2010-01-20 15:27 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2010-01-20 14:25 . 2009-03-30 09:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys 2010-01-20 14:25 . 2009-02-13 11:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2010-01-20 14:25 . 2009-02-13 11:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2010-01-20 14:25 . 2010-01-20 14:25 -------- d-----w- c:\program files\Avira 2010-01-20 14:25 . 2010-01-20 14:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2010-01-20 12:01 . 2010-01-20 12:01 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Malwarebytes 2010-01-20 11:51 . 2010-01-20 11:51 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\Malwarebytes 2010-01-20 11:51 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-01-20 11:51 . 2010-01-20 11:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-01-20 11:51 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-01-20 11:51 . 2010-01-20 11:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-01-20 10:20 . 2010-01-20 10:20 -------- d-----w- c:\program files\CCleaner 2010-01-19 21:31 . 2010-01-19 21:31 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET 2010-01-19 09:20 . 2010-01-19 09:20 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\ESET 2010-01-19 09:18 . 2010-01-19 09:18 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET 2010-01-19 08:54 . 2010-01-19 13:42 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\QuickScan 2010-01-19 07:12 . 2010-01-19 09:18 -------- d-----w- c:\program files\ESET 2010-01-17 21:34 . 2010-01-18 11:08 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\The Path 2010-01-16 18:29 . 2010-01-16 19:10 -------- d-----w- c:\program files\Postal2STP 2010-01-16 15:55 . 2010-01-16 15:55 -------- d-----w- c:\windows\system32\wbem\Repository 2010-01-16 15:48 . 2010-01-20 15:10 -------- d-----w- c:\program files\RegCleaner 2010-01-16 15:29 . 2010-01-16 15:29 -------- d-----w- C:\ProgramData 2010-01-16 15:29 . 2010-01-16 15:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts 2010-01-16 15:13 . 2010-01-16 15:13 -------- d-----w- c:\program files\Intel Corporation 2010-01-14 23:20 . 2010-01-14 23:20 -------- d-----w- c:\program files\Micro Application 2010-01-13 23:01 . 2010-01-13 23:01 0 ----a-w- c:\windows\PowerReg.dat 2010-01-13 20:35 . 2010-01-13 20:35 -------- d-----w- c:\program files\Hobbyist Software 2010-01-13 10:55 . 2008-02-15 11:49 184320 ----a-w- c:\windows\system32\igfxres.dll 2010-01-12 20:45 . 2010-01-19 15:28 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\uTorrent 2010-01-12 19:57 . 2010-01-12 19:57 98304 ----a-w- c:\windows\system32\CmdLineExt.dll 2010-01-12 12:06 . 2010-01-12 12:06 -------- d-----w- c:\program files\WinSCP 2010-01-12 07:35 . 2010-01-14 12:50 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2010-01-12 07:35 . 2010-01-14 12:51 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedBit 2010-01-12 07:35 . 2010-01-14 12:51 -------- d-----w- c:\program files\DAP 2010-01-11 20:54 . 2010-01-11 21:14 -------- d-----w- c:\program files\Ludi 2010-01-11 18:06 . 2010-01-11 18:06 -------- d-----w- c:\program files\Lavalys 2010-01-11 13:15 . 2000-07-14 22:00 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL 2010-01-10 14:09 . 2008-04-14 03:05 14720 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys 2010-01-10 14:09 . 2008-04-14 03:05 14720 ----a-w- c:\windows\system32\drivers\kbdhid.sys 2010-01-10 12:20 . 2010-01-10 12:20 -------- d-----w- c:\program files\Hp 2010-01-10 12:20 . 2010-01-11 12:47 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\HpUpdate 2010-01-10 12:20 . 2010-01-10 12:20 -------- d-----w- c:\windows\Hewlett-Packard 2010-01-10 11:37 . 2010-01-10 11:37 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters 2010-01-10 11:17 . 2010-01-10 11:17 -------- d-----w- c:\windows\system32\Adobe 2010-01-10 09:39 . 2009-12-14 11:33 53248 ----a-w- c:\windows\system32\CSVer.dll 2010-01-10 01:20 . 2010-01-10 01:20 -------- d-----w- c:\program files\Driver-Soft 2010-01-09 23:58 . 2010-01-18 18:38 -------- d--h--w- c:\windows\msdownld.tmp 2010-01-09 23:57 . 2010-01-09 23:57 -------- d-----w- c:\program files\DAEMON Tools Lite 2010-01-09 23:57 . 2010-01-11 16:47 -------- d-----w- c:\program files\SystemRequirementsLab 2010-01-09 23:57 . 2010-01-11 16:47 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\SystemRequirementsLab 2010-01-09 23:56 . 2010-01-09 23:56 -------- d-----w- c:\windows\Sun 2010-01-09 23:16 . 2010-01-09 23:16 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\igraal 2010-01-09 22:26 . 2010-01-10 14:15 -------- d-----w- c:\program files\Intel 2010-01-09 22:22 . 2010-01-09 22:22 -------- d-----w- C:\Intel 2010-01-09 21:03 . 2010-01-09 21:03 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\QUAD Utilities 2010-01-09 20:13 . 2010-01-09 23:59 -------- d-----w- C:\dxupdate 2010-01-09 12:19 . 2010-01-09 23:25 -------- d-----w- c:\windows\Logs 2010-01-09 11:50 . 2010-01-09 11:50 -------- d-----w- c:\program files\Microids 2010-01-08 20:55 . 2010-01-08 20:55 -------- d-----w- c:\documents and settings\Jean Michel\Local Settings\Application Data\Conduit 2010-01-08 20:55 . 2010-01-08 20:55 -------- d-----w- c:\program files\Alcohol Soft 2010-01-08 17:42 . 2010-01-17 16:27 -------- d-----w- c:\program files\Ubisoft 2010-01-08 17:41 . 2010-01-12 19:00 -------- d-----w- c:\program files\Fichiers communs\InstallShield 2010-01-08 16:14 . 2010-01-08 16:14 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\Uniblue 2010-01-08 16:11 . 2010-01-08 16:11 691696 ----a-w- c:\windows\system32\drivers\sptd.sys 2010-01-08 16:10 . 2010-01-09 23:57 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\DAEMON Tools Lite 2010-01-08 16:10 . 2010-01-08 16:10 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite 2010-01-06 11:18 . 2010-01-12 08:03 -------- d-----w- c:\program files\Internet Download Manager . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2010-01-23 10:08 . 2004-08-10 12:00 579186 ----a-w- c:\windows\system32\perfh00C.dat 2010-01-23 10:08 . 2004-08-10 12:00 121260 ----a-w- c:\windows\system32\perfc00C.dat 2010-01-23 00:05 . 2009-08-08 17:09 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\vlc 2010-01-22 16:36 . 2009-08-20 07:40 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\DMCache 2010-01-22 08:57 . 2009-12-21 08:09 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\IDM 2010-01-21 06:16 . 2009-12-10 10:56 -------- d-----w- c:\program files\Microsoft Silverlight 2010-01-20 18:59 . 2010-01-20 18:59 61440 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-26b58d07-n\decora-sse.dll 2010-01-20 18:59 . 2010-01-20 18:59 503808 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-26b58d07-n\msvcp71.dll 2010-01-20 18:59 . 2010-01-20 18:59 499712 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-26b58d07-n\jmc.dll 2010-01-20 18:59 . 2010-01-20 18:59 348160 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-26b58d07-n\msvcr71.dll 2010-01-20 18:59 . 2010-01-20 18:59 12800 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-26b58d07-n\decora-d3d.dll 2010-01-20 18:58 . 2010-01-20 18:58 315392 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-5edfc046-n\jogl.dll 2010-01-20 18:58 . 2010-01-20 18:58 20480 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-5edfc046-n\jogl_awt.dll 2010-01-20 18:58 . 2010-01-20 18:58 114688 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-5edfc046-n\jogl_cg.dll 2010-01-20 18:58 . 2010-01-20 18:58 20480 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\Deployment\SystemCache\6.0\45\4f710eed-58e2e8a8-n\gluegen-rt.dll 2010-01-20 18:58 . 2009-12-18 05:40 -------- d-----w- c:\program files\Java 2010-01-17 16:38 . 2009-12-20 08:26 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-01-16 20:05 . 2009-08-20 08:07 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\dvdcss 2010-01-14 00:00 . 2009-09-03 17:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2010-01-12 08:01 . 2010-01-12 07:57 3149032 ----a-w- c:\documents and settings\Jean Michel\Application Data\IDM\idmupdt.exe 2010-01-11 16:47 . 2010-01-11 16:47 247296 ----a-w- c:\documents and settings\Jean Michel\Application Data\SystemRequirementsLab\SRLProxy_srl_4_0_11_0_d_ind.dll 2010-01-11 16:47 . 2010-01-11 16:47 247296 ----a-w- c:\documents and settings\Jean Michel\Application Data\SystemRequirementsLab\SRLProxy_srl_4_0_11_0_c_ind.dll 2010-01-11 16:47 . 2010-01-11 16:47 247296 ----a-w- c:\documents and settings\Jean Michel\Application Data\SystemRequirementsLab\SRLProxy_srl_4_0_11_0_b_ind.dll 2010-01-11 16:47 . 2010-01-11 16:47 247296 ----a-w- c:\documents and settings\Jean Michel\Application Data\SystemRequirementsLab\SRLProxy_srl_4_0_11_0_a_ind.dll 2010-01-10 20:16 . 2009-12-20 09:09 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll 2010-01-10 12:23 . 2009-08-10 13:32 664 ----a-w- c:\windows\system32\d3d9caps.dat 2010-01-09 23:58 . 2009-08-09 06:57 -------- d-----w- c:\program files\ma-config.com 2010-01-09 23:58 . 2009-08-09 06:57 -------- d-----w- c:\documents and settings\All Users\Application Data\ma-config.com 2010-01-09 23:56 . 2009-09-03 17:59 -------- d-----w- c:\program files\Microsoft Works 2010-01-09 23:56 . 2009-08-08 17:11 -------- d-----w- c:\program files\AIDA32 - Personal System Information 2010-01-08 11:14 . 2010-01-08 11:14 138240 ----a-w- c:\documents and settings\Jean Michel\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_d.dll 2010-01-08 11:14 . 2010-01-08 11:14 138240 ----a-w- c:\documents and settings\Jean Michel\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_c.dll 2010-01-08 11:14 . 2010-01-08 11:14 138240 ----a-w- c:\documents and settings\Jean Michel\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_b.dll 2010-01-08 11:14 . 2010-01-08 11:14 138240 ----a-w- c:\documents and settings\Jean Michel\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_a.dll 2010-01-06 11:19 . 2010-01-06 11:19 198064 ----a-w- c:\documents and settings\Jean Michel\Application Data\IDM\idmmzcc3\components\idmmzcc.dll 2010-01-06 09:27 . 2009-08-08 17:00 70016 ----a-w- c:\documents and settings\Jean Michel\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-12-22 05:08 . 2004-08-10 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll 2009-12-18 07:45 . 2009-12-18 07:45 161 ----a-w- C:\ipodpos.dll 2009-12-18 05:40 . 2009-12-18 05:40 152576 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\jre1.6.0_17\lzma.dll 2009-12-18 05:38 . 2009-12-18 05:38 79488 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll 2009-12-17 16:14 . 2009-12-18 05:41 411368 ----a-w- c:\windows\system32\deploytk.dll 2009-12-17 15:13 . 2009-12-17 15:13 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\GHISLER 2009-12-17 12:42 . 2009-12-17 12:42 25214 ----a-r- c:\documents and settings\Jean Michel\Application Data\Microsoft\Installer\{495B6040-801F-474C-ADB8-309F132CF5F9}\_29D232B856F0A1CBA486B8.exe 2009-12-17 12:42 . 2009-12-17 12:42 10398 ----a-r- c:\documents and settings\Jean Michel\Application Data\Microsoft\Installer\{495B6040-801F-474C-ADB8-309F132CF5F9}\_3324690356DD71877A1B6A.exe 2009-12-17 12:42 . 2009-12-17 12:42 -------- d-----w- c:\program files\iPhoneBrowser 2009-12-17 12:40 . 2009-12-17 12:40 -------- d-----w- c:\program files\iPhone Tunnel Suite 2.7 BETA 2009-12-17 12:18 . 2009-12-16 05:12 -------- d-----w- c:\program files\Pod to PC 2009-12-16 05:31 . 2009-12-16 05:31 -------- d-----w- c:\program files\iPhone Explorer 2009-12-14 06:49 . 2009-12-14 06:49 -------- d-----w- c:\program files\Windows Media Connect 2 2009-12-14 05:26 . 2009-08-09 07:18 -------- d-----w- c:\program files\Messenger Plus! Live 2009-12-11 19:32 . 2009-12-10 08:57 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\Apple Computer 2009-12-10 13:32 . 2009-08-20 14:09 -------- d-----w- c:\program files\Webtarot 2009-12-10 12:36 . 2004-08-10 12:00 219648 ----a-w- c:\windows\system32\uxtheme.dll 2009-12-10 11:49 . 2009-12-10 11:49 -------- d-----w- c:\program files\Fichiers communs\Adobe 2009-12-10 10:56 . 2009-12-10 10:54 -------- d-----w- c:\program files\Microsoft 2009-12-10 10:56 . 2009-08-09 07:14 -------- d-----w- c:\program files\Windows Live 2009-12-10 10:55 . 2009-12-10 10:55 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition 2009-12-10 09:01 . 2009-12-10 09:01 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_netaapl_01005.Wdf 2009-12-10 09:01 . 2009-12-10 09:01 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf 2009-12-10 08:59 . 2009-12-10 08:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple 2009-12-10 08:57 . 2009-12-10 08:56 -------- d-----w- c:\program files\iTunes 2009-12-10 08:57 . 2009-12-10 08:56 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} 2009-12-10 08:56 . 2009-12-10 08:56 -------- d-----w- c:\program files\iPod 2009-12-10 08:56 . 2009-12-10 08:54 -------- d-----w- c:\program files\Fichiers communs\Apple 2009-12-10 08:56 . 2009-12-10 08:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer 2009-12-10 08:56 . 2009-12-10 08:56 -------- d-----w- c:\program files\Bonjour 2009-12-10 08:56 . 2009-12-10 08:55 -------- d-----w- c:\program files\QuickTime 2009-12-10 08:55 . 2009-12-10 08:55 -------- d-----w- c:\program files\Apple Software Update 2009-12-09 16:11 . 2009-11-01 08:41 -------- d-----w- c:\program files\OrangeHSS 2009-11-21 15:58 . 2004-08-10 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll 2009-10-29 05:25 . 2006-03-04 03:35 671232 ----a-w- c:\windows\system32\wininet.dll . ------- Sigcheck ------- [7] 2008-04-14 . B4AA331468315B6A174C3F0D5B3BC135 . 617472 . . [5.82] . . c:\windows\NiwradSoft Shell Pack\Backup\comctl32.dll [-] 2008-04-14 . BCC393F205C17911ED52870968336E8E . 643072 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll [-] 2008-04-14 . BCC393F205C17911ED52870968336E8E . 643072 . . [5.82] . . c:\windows\system32\comctl32.dll [-] 2004-08-10 . A53B48B5AB9A5DA76ED247D61B0B0ADD . 611328 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll [7] 2009-08-04 . 263FA3A73C588A26306D3B403A45F5A9 . 2191232 . . [5.1.2600.5857] . . c:\windows\Driver Cache\i386\ntoskrnl.exe [7] 2009-08-04 . 263FA3A73C588A26306D3B403A45F5A9 . 2191232 . . [5.1.2600.5857] . . c:\windows\NiwradSoft Shell Pack\Backup\ntoskrnl.exe [-] 2009-08-04 . D71FF6FAA532E7682B60563B102BE5FF . 2352384 . . [5.1.2600.5857] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe [-] 2009-08-04 . D71FF6FAA532E7682B60563B102BE5FF . 2352384 . . [5.1.2600.5857] . . c:\windows\system32\ntoskrnl.exe [-] 2009-08-04 . D71FF6FAA532E7682B60563B102BE5FF . 2352384 . . [5.1.2600.5857] . . c:\windows\system32\dllcache\ntoskrnl.exe [7] 2009-08-04 . 63864AF70CAC631077A6C1223617336B . 2191360 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe [7] 2009-02-10 . BEF458B8424553279E95E250D1E0CE7E . 2191232 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe [7] 2009-02-09 . B55AA66BC9269BC5257B915FFDAA790B . 2188160 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe [7] 2009-02-09 . AB896577F35CF5FED7A9F87D3C3205ED . 2191104 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe [-] 2008-04-14 . B45DA298E42C7A44BA96AED93B1D7359 . 1544704 . . [6.00.2900.5512] . . c:\windows\explorer.exe [7] 2008-04-14 . F2317622D29F9FF0F88AEECD5F60F0DD . 1037824 . . [6.00.2900.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\explorer.exe [-] 2008-04-14 . B45DA298E42C7A44BA96AED93B1D7359 . 1544704 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe [-] 2004-08-10 . 4C33E5B9A6197B6ED215F6CFBA0A2DAA . 1036288 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "lxdrmon.exe"="c:\program files\Lexmark 4900 Series\lxdrmon.exe" [2008-05-21 676520] "EzPrint"="c:\program files\Lexmark 4900 Series\ezprint.exe" [2008-05-21 131752] "ORAHSSSessionManager"="c:\program files\OrangeHSS\SessionManager\SessionManager.exe" [2007-12-12 107248] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696] "Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288] "SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-01-11 246504] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount] 2009-04-24 03:16 203928 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt] 2009-03-02 12:08 209153 ----a-w- c:\program files\Avira\AntiVir Desktop\avgnt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] 2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui] 2008-10-24 20:50 1451264 ----a-w- c:\program files\ESET\ESET Smart Security\egui.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2008-04-14 02:34 1695232 ------w- c:\program files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2007-03-09 16:53 153136 ----a-w- c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "ekrn"=2 (0x2) "EhttpSrv"=3 (0x3) "AntiVirService"=2 (0x2) "AntiVirSchedulerService"=2 (0x2) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\WINDOWS\\system32\\lxdrcoms.exe"= "c:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\iPhone Tunnel Suite 2.7 BETA\\iTunnel\\iTunnel.exe"= "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"= R2 lxdr_device;lxdr_device;c:\windows\system32\lxdrcoms.exe -service --> c:\windows\system32\lxdrcoms.exe -service [?] S3 gtermddo;gtermddo;\??\c:\docume~1\JEANMI~1\LOCALS~1\Temp\gtermddo.sys --> c:\docume~1\JEANMI~1\LOCALS~1\Temp\gtermddo.sys [?] S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [17/12/2009 19:00 243056] S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [10/12/2009 09:54 17408] S4 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [20/01/2010 15:25 108289] S4 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [21/12/2007 09:21 468224] S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [08/01/2010 17:11 691696] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://google.fr/ mWindow Title = uInternet Settings,ProxyOverride = *.local IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: Télécharger avec IDM - c:\program files\Internet Download Manager\IEExt.htm IE: Télécharger le contenu de video FLV avec IDM - c:\program files\Internet Download Manager\IEGetVL.htm IE: Télécharger tous les liens avec IDM - c:\program files\Internet Download Manager\IEGetAll.htm Trusted Zone: mappy.com Trusted Zone: orange.fr Trusted Zone: voila.fr\rw.search.ke Trusted Zone: weborama.fr\orange . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-01-23 11:11 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x865E7150]<< kernel: MBR read successfully detected MBR rootkit hooks: \Driver\Disk -> CLASSPNP.SYS @ 0xf7602f28 \Driver\ACPI -> ACPI.sys @ 0xf7474cb8 \Driver\atapi -> atapi.sys @ 0xf73f4852 \Driver\iaStor -> 0x865e7150 IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022 ParseProcedure -> ntkrnlpa.exe @ 0x80577c84 \Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022 ParseProcedure -> ntkrnlpa.exe @ 0x80577c84 NDIS: Carte réseau Fast Ethernet PCI Realtek RTL8139 Family -> SendCompleteHandler -> NDIS.sys @ 0xf720fbd4 PacketIndicateHandler -> NDIS.sys @ 0xf71fda0d SendHandler -> NDIS.sys @ 0xf7211b40 Warning: possible MBR rootkit infection ! user & kernel MBR OK ************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}] @Denied: (Full) (Everyone) "scansk"=hex(0):84,40,8c,45,6e,07,ad,4e,5e,50,66,e5,4e,a1,14,b5,15,c9,3d,34,9a, a3,b3,f4,1d,6c,fc,e7,3e,f5,c4,3a,fa,0d,63,14,87,17,41,38,00,00,00,00,00,00,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8b9f29eb-a9bc-4695-97ad-7603c028e8b0}] @Denied: (Full) (Everyone) "Model"=dword:00000130 "Therad"=dword:00000020 "MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26, 38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\ . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(1372) c:\windows\system32\SETUPAPI.dll c:\windows\system32\sfc_os.dll c:\windows\system32\cscui.dll c:\windows\system32\COMRes.dll - - - - - - - > 'lsass.exe'(1460) c:\windows\system32\scecli.dll c:\windows\system32\SETUPAPI.dll c:\windows\system32\psbase.dll - - - - - - - > 'explorer.exe'(2632) c:\windows\system32\COMRes.dll c:\windows\System32\cscui.dll c:\windows\system32\msi.dll c:\windows\system32\SETUPAPI.dll c:\windows\system32\NETSHELL.dll c:\windows\system32\credui.dll c:\windows\system32\eappprxy.dll c:\windows\system32\WPDShServiceObj.dll c:\program files\WinSCP\DragExt.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Autres processus actifs ------------------------ . c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\eHome\ehRecvr.exe c:\windows\eHome\ehSched.exe c:\progra~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\lxdrcoms.exe c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe c:\windows\ehome\mcrdsvc.exe c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe c:\windows\system32\dllhost.exe c:\windows\system32\wscntfy.exe c:\windows\system32\igfxsrvc.exe c:\program files\Fichiers communs\Ahead\Lib\NMIndexingService.exe c:\program files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe c:\program files\iPod\bin\iPodService.exe c:\windows\system32\wbem\wmiapsrv.exe . ************************************************************************** . Heure de fin: 2010-01-23 11:16:31 - La machine a redémarré ComboFix-quarantined-files.txt 2010-01-23 10:16 ComboFix2.txt 2010-01-23 09:30 ComboFix3.txt 2010-01-21 18:05 Avant-CF: 18 968 129 536 octets libres Après-CF: 18 928 607 232 octets libres - - End Of File - - 229BF50FBD74F3903EC4D434F40E6CA9 rapport MBR: Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully kernel: MBR read successfully user & kernel MBR OK

je vois qu'il y a rootkit sur mon pc, grrrr....

voici le rapport, je n'ai pas eu à faire glisser le fichier dans combofix, c'est normal ou j'ai loupé quelque chose? et merci beaucoup pour l'aide apportée. ComboFix 10-01-20.06 - Jean Michel 21/01/2010 18:52:27.1.1 - x86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1014.654 [GMT 1:00] Lancé depuis: c:\documents and settings\Jean Michel\Mes documents\Téléchargements\ComboFix.exe AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0} * Un antivirus résident est actif . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat c:\program files\QUAD Utilities c:\program files\QUAD Utilities\QUAD Driver Fix\QUAD Driver Fix.dat c:\windows\kb913800.exe c:\windows\system32\oem2.inf ----- BITS: Il y a peut-être des sites infectés ----- hxxp://armmf.adobe.com Une copie infectée de c:\windows\system32\midimap.dll a été trouvée et désinfectée Copie restaurée à partir de - c:\windows\NiwradSoft Shell Pack\Backup\midimap.dll . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_SSHNAS ((((((((((((((((((((((((((((( Fichiers créés du 2009-12-21 au 2010-01-21 )))))))))))))))))))))))))))))))))))) . 2010-01-21 17:52 . 2010-01-21 17:52 -------- d-----w- c:\documents and settings\Jean Michel\Local Settings\Application Data\ESET 2010-01-20 18:59 . 2010-01-20 18:59 61440 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-26b58d07-n\decora-sse.dll 2010-01-20 18:59 . 2010-01-20 18:59 503808 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-26b58d07-n\msvcp71.dll 2010-01-20 18:59 . 2010-01-20 18:59 499712 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-26b58d07-n\jmc.dll 2010-01-20 18:59 . 2010-01-20 18:59 348160 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-26b58d07-n\msvcr71.dll 2010-01-20 18:59 . 2010-01-20 18:59 12800 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-26b58d07-n\decora-d3d.dll 2010-01-20 18:58 . 2010-01-20 18:58 -------- d-----w- c:\program files\Fichiers communs\Java 2010-01-20 18:58 . 2010-01-20 18:58 315392 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-5edfc046-n\jogl.dll 2010-01-20 18:58 . 2010-01-20 18:58 20480 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-5edfc046-n\jogl_awt.dll 2010-01-20 18:58 . 2010-01-20 18:58 114688 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-5edfc046-n\jogl_cg.dll 2010-01-20 18:58 . 2010-01-20 18:58 20480 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\Deployment\SystemCache\6.0\45\4f710eed-58e2e8a8-n\gluegen-rt.dll 2010-01-20 17:25 . 2010-01-20 17:38 -------- d-----w- C:\Ad-Remover 2010-01-20 16:09 . 2010-01-21 08:14 -------- d-----w- C:\ToolBar SD 2010-01-20 14:25 . 2010-01-20 15:27 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2010-01-20 14:25 . 2009-03-30 09:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys 2010-01-20 14:25 . 2009-02-13 11:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2010-01-20 14:25 . 2009-02-13 11:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2010-01-20 14:25 . 2010-01-20 14:25 -------- d-----w- c:\program files\Avira 2010-01-20 14:25 . 2010-01-20 14:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2010-01-20 12:01 . 2010-01-20 12:01 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Malwarebytes 2010-01-20 11:51 . 2010-01-20 11:51 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\Malwarebytes 2010-01-20 11:51 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-01-20 11:51 . 2010-01-20 11:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-01-20 11:51 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-01-20 11:51 . 2010-01-20 11:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-01-20 10:20 . 2010-01-20 10:20 -------- d-----w- c:\program files\CCleaner 2010-01-19 21:31 . 2010-01-19 21:31 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET 2010-01-19 09:20 . 2010-01-19 09:20 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\ESET 2010-01-19 09:18 . 2010-01-19 09:18 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET 2010-01-19 08:54 . 2010-01-19 13:42 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\QuickScan 2010-01-19 07:12 . 2010-01-19 09:18 -------- d-----w- c:\program files\ESET 2010-01-17 21:34 . 2010-01-18 11:08 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\The Path 2010-01-16 18:29 . 2010-01-16 19:10 -------- d-----w- c:\program files\Postal2STP 2010-01-16 15:55 . 2010-01-16 15:55 -------- d-----w- c:\windows\system32\wbem\Repository 2010-01-16 15:48 . 2010-01-20 15:10 -------- d-----w- c:\program files\RegCleaner 2010-01-16 15:29 . 2010-01-16 15:29 -------- d-----w- C:\ProgramData 2010-01-16 15:29 . 2010-01-16 15:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts 2010-01-16 15:13 . 2010-01-16 15:13 -------- d-----w- c:\program files\Intel Corporation 2010-01-14 23:20 . 2010-01-14 23:20 -------- d-----w- c:\program files\Micro Application 2010-01-13 23:01 . 2010-01-13 23:01 0 ----a-w- c:\windows\PowerReg.dat 2010-01-13 20:35 . 2010-01-13 20:35 -------- d-----w- c:\program files\Hobbyist Software 2010-01-13 10:55 . 2008-02-15 11:49 184320 ----a-w- c:\windows\system32\igfxres.dll 2010-01-12 20:45 . 2010-01-19 15:28 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\uTorrent 2010-01-12 19:57 . 2010-01-12 19:57 98304 ----a-w- c:\windows\system32\CmdLineExt.dll 2010-01-12 12:06 . 2010-01-12 12:06 -------- d-----w- c:\program files\WinSCP 2010-01-12 07:57 . 2010-01-12 08:01 3149032 ----a-w- c:\documents and settings\Jean Michel\Application Data\IDM\idmupdt.exe 2010-01-12 07:35 . 2010-01-14 12:50 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2010-01-12 07:35 . 2010-01-14 12:51 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedBit 2010-01-12 07:35 . 2010-01-14 12:51 -------- d-----w- c:\program files\DAP 2010-01-11 20:54 . 2010-01-11 21:14 -------- d-----w- c:\program files\Ludi 2010-01-11 18:06 . 2010-01-11 18:06 -------- d-----w- c:\program files\Lavalys 2010-01-11 16:47 . 2010-01-11 16:47 247296 ----a-w- c:\documents and settings\Jean Michel\Application Data\SystemRequirementsLab\SRLProxy_srl_4_0_11_0_d_ind.dll 2010-01-11 16:47 . 2010-01-11 16:47 247296 ----a-w- c:\documents and settings\Jean Michel\Application Data\SystemRequirementsLab\SRLProxy_srl_4_0_11_0_c_ind.dll 2010-01-11 16:47 . 2010-01-11 16:47 247296 ----a-w- c:\documents and settings\Jean Michel\Application Data\SystemRequirementsLab\SRLProxy_srl_4_0_11_0_b_ind.dll 2010-01-11 16:47 . 2010-01-11 16:47 247296 ----a-w- c:\documents and settings\Jean Michel\Application Data\SystemRequirementsLab\SRLProxy_srl_4_0_11_0_a_ind.dll 2010-01-11 13:15 . 2000-07-14 22:00 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL 2010-01-10 14:09 . 2008-04-14 03:05 14720 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys 2010-01-10 14:09 . 2008-04-14 03:05 14720 ----a-w- c:\windows\system32\drivers\kbdhid.sys 2010-01-10 12:20 . 2010-01-10 12:20 -------- d-----w- c:\program files\Hp 2010-01-10 12:20 . 2010-01-11 12:47 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\HpUpdate 2010-01-10 12:20 . 2010-01-10 12:20 -------- d-----w- c:\windows\Hewlett-Packard 2010-01-10 11:37 . 2010-01-10 11:37 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters 2010-01-10 11:17 . 2010-01-10 11:17 -------- d-----w- c:\windows\system32\Adobe 2010-01-10 09:39 . 2009-12-14 11:33 53248 ----a-w- c:\windows\system32\CSVer.dll 2010-01-10 01:20 . 2010-01-10 01:20 -------- d-----w- c:\program files\Driver-Soft 2010-01-09 23:58 . 2010-01-18 18:38 -------- d--h--w- c:\windows\msdownld.tmp 2010-01-09 23:57 . 2010-01-09 23:57 -------- d-----w- c:\program files\DAEMON Tools Lite 2010-01-09 23:57 . 2010-01-11 16:47 -------- d-----w- c:\program files\SystemRequirementsLab 2010-01-09 23:57 . 2010-01-11 16:47 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\SystemRequirementsLab 2010-01-09 23:56 . 2010-01-09 23:56 -------- d-----w- c:\windows\Sun 2010-01-09 23:16 . 2010-01-09 23:16 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\igraal 2010-01-09 22:26 . 2010-01-10 14:15 -------- d-----w- c:\program files\Intel 2010-01-09 22:22 . 2010-01-09 22:22 -------- d-----w- C:\Intel 2010-01-09 21:03 . 2010-01-09 21:03 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\QUAD Utilities 2010-01-09 20:13 . 2010-01-09 23:59 -------- d-----w- C:\dxupdate 2010-01-09 12:19 . 2010-01-09 23:25 -------- d-----w- c:\windows\Logs 2010-01-09 11:50 . 2010-01-09 11:50 -------- d-----w- c:\program files\Microids 2010-01-08 20:55 . 2010-01-08 20:55 -------- d-----w- c:\documents and settings\Jean Michel\Local Settings\Application Data\Conduit 2010-01-08 20:55 . 2010-01-08 20:55 -------- d-----w- c:\program files\Alcohol Soft 2010-01-08 17:42 . 2010-01-17 16:27 -------- d-----w- c:\program files\Ubisoft 2010-01-08 17:41 . 2010-01-12 19:00 -------- d-----w- c:\program files\Fichiers communs\InstallShield 2010-01-08 16:14 . 2010-01-08 16:14 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\Uniblue 2010-01-08 16:11 . 2010-01-08 16:11 691696 ----a-w- c:\windows\system32\drivers\sptd.sys 2010-01-08 16:10 . 2010-01-09 23:57 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\DAEMON Tools Lite 2010-01-08 16:10 . 2010-01-08 16:10 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite 2010-01-08 11:14 . 2010-01-08 11:14 138240 ----a-w- c:\documents and settings\Jean Michel\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_d.dll 2010-01-08 11:14 . 2010-01-08 11:14 138240 ----a-w- c:\documents and settings\Jean Michel\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_c.dll 2010-01-08 11:14 . 2010-01-08 11:14 138240 ----a-w- c:\documents and settings\Jean Michel\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_b.dll 2010-01-08 11:14 . 2010-01-08 11:14 138240 ----a-w- c:\documents and settings\Jean Michel\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_a.dll 2010-01-06 11:19 . 2010-01-06 11:19 198064 ----a-w- c:\documents and settings\Jean Michel\Application Data\IDM\idmmzcc3\components\idmmzcc.dll 2010-01-06 11:18 . 2010-01-12 08:03 -------- d-----w- c:\program files\Internet Download Manager . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2010-01-21 17:26 . 2009-08-20 07:40 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\DMCache 2010-01-21 15:48 . 2009-08-08 17:09 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\vlc 2010-01-21 06:16 . 2009-12-10 10:56 -------- d-----w- c:\program files\Microsoft Silverlight 2010-01-20 18:58 . 2009-12-18 05:40 -------- d-----w- c:\program files\Java 2010-01-20 18:57 . 2004-08-10 12:00 577118 ----a-w- c:\windows\system32\perfh00C.dat 2010-01-20 18:57 . 2004-08-10 12:00 120088 ----a-w- c:\windows\system32\perfc00C.dat 2010-01-20 10:36 . 2009-12-21 08:09 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\IDM 2010-01-17 16:38 . 2009-12-20 08:26 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-01-16 20:05 . 2009-08-20 08:07 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\dvdcss 2010-01-14 00:00 . 2009-09-03 17:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2010-01-10 20:16 . 2009-12-20 09:09 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll 2010-01-10 12:23 . 2009-08-10 13:32 664 ----a-w- c:\windows\system32\d3d9caps.dat 2010-01-09 23:58 . 2009-08-09 06:57 -------- d-----w- c:\program files\ma-config.com 2010-01-09 23:58 . 2009-08-09 06:57 -------- d-----w- c:\documents and settings\All Users\Application Data\ma-config.com 2010-01-09 23:56 . 2009-09-03 17:59 -------- d-----w- c:\program files\Microsoft Works 2010-01-09 23:56 . 2009-08-08 17:11 -------- d-----w- c:\program files\AIDA32 - Personal System Information 2010-01-06 09:27 . 2009-08-08 17:00 70016 ----a-w- c:\documents and settings\Jean Michel\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-12-18 07:45 . 2009-12-18 07:45 161 ----a-w- C:\ipodpos.dll 2009-12-18 05:40 . 2009-12-18 05:40 152576 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\jre1.6.0_17\lzma.dll 2009-12-18 05:38 . 2009-12-18 05:38 79488 ----a-w- c:\documents and settings\Jean Michel\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll 2009-12-17 16:14 . 2009-12-18 05:41 411368 ----a-w- c:\windows\system32\deploytk.dll 2009-12-17 15:13 . 2009-12-17 15:13 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\GHISLER 2009-12-17 12:42 . 2009-12-17 12:42 25214 ----a-r- c:\documents and settings\Jean Michel\Application Data\Microsoft\Installer\{495B6040-801F-474C-ADB8-309F132CF5F9}\_29D232B856F0A1CBA486B8.exe 2009-12-17 12:42 . 2009-12-17 12:42 10398 ----a-r- c:\documents and settings\Jean Michel\Application Data\Microsoft\Installer\{495B6040-801F-474C-ADB8-309F132CF5F9}\_3324690356DD71877A1B6A.exe 2009-12-17 12:42 . 2009-12-17 12:42 -------- d-----w- c:\program files\iPhoneBrowser 2009-12-17 12:40 . 2009-12-17 12:40 -------- d-----w- c:\program files\iPhone Tunnel Suite 2.7 BETA 2009-12-17 12:18 . 2009-12-16 05:12 -------- d-----w- c:\program files\Pod to PC 2009-12-16 05:31 . 2009-12-16 05:31 -------- d-----w- c:\program files\iPhone Explorer 2009-12-14 06:49 . 2009-12-14 06:49 -------- d-----w- c:\program files\Windows Media Connect 2 2009-12-14 05:26 . 2009-08-09 07:18 -------- d-----w- c:\program files\Messenger Plus! Live 2009-12-11 19:32 . 2009-12-10 08:57 -------- d-----w- c:\documents and settings\Jean Michel\Application Data\Apple Computer 2009-12-10 13:32 . 2009-08-20 14:09 -------- d-----w- c:\program files\Webtarot 2009-12-10 12:36 . 2004-08-10 12:00 219648 ----a-w- c:\windows\system32\uxtheme.dll 2009-12-10 11:49 . 2009-12-10 11:49 -------- d-----w- c:\program files\Fichiers communs\Adobe 2009-12-10 10:56 . 2009-12-10 10:54 -------- d-----w- c:\program files\Microsoft 2009-12-10 10:56 . 2009-08-09 07:14 -------- d-----w- c:\program files\Windows Live 2009-12-10 10:55 . 2009-12-10 10:55 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition 2009-12-10 09:01 . 2009-12-10 09:01 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_netaapl_01005.Wdf 2009-12-10 09:01 . 2009-12-10 09:01 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf 2009-12-10 08:59 . 2009-12-10 08:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple 2009-12-10 08:57 . 2009-12-10 08:56 -------- d-----w- c:\program files\iTunes 2009-12-10 08:57 . 2009-12-10 08:56 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} 2009-12-10 08:56 . 2009-12-10 08:56 -------- d-----w- c:\program files\iPod 2009-12-10 08:56 . 2009-12-10 08:54 -------- d-----w- c:\program files\Fichiers communs\Apple 2009-12-10 08:56 . 2009-12-10 08:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer 2009-12-10 08:56 . 2009-12-10 08:56 -------- d-----w- c:\program files\Bonjour 2009-12-10 08:56 . 2009-12-10 08:55 -------- d-----w- c:\program files\QuickTime 2009-12-10 08:55 . 2009-12-10 08:55 -------- d-----w- c:\program files\Apple Software Update 2009-12-09 16:11 . 2009-11-01 08:41 -------- d-----w- c:\program files\OrangeHSS 2009-11-21 15:58 . 2004-08-10 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll 2009-10-29 05:25 . 2006-03-04 03:35 781312 ----a-w- c:\windows\system32\wininet.dll . ------- Sigcheck ------- [7] 2008-04-14 . DD73D6B9F6B4CB630CF35B438B540174 . 512000 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\winlogon.exe [-] 2008-04-14 . 917C64008889003E6EA19CF0793CBD72 . 551424 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe [-] 2008-04-14 . 917C64008889003E6EA19CF0793CBD72 . 551424 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe [-] 2004-08-10 . D2DE785AEAB0BB8CA4C14A8A199DBE4E . 506368 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe [7] 2008-04-14 . B4AA331468315B6A174C3F0D5B3BC135 . 617472 . . [5.82] . . c:\windows\NiwradSoft Shell Pack\Backup\comctl32.dll [-] 2008-04-14 . BCC393F205C17911ED52870968336E8E . 643072 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll [-] 2008-04-14 . BCC393F205C17911ED52870968336E8E . 643072 . . [5.82] . . c:\windows\system32\comctl32.dll [-] 2004-08-10 . A53B48B5AB9A5DA76ED247D61B0B0ADD . 611328 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll [7] 2009-10-29 . BD80B64DCB52FFA71CF5ACF8EDD3475F . 3091968 . . [6.00.2900.5897] . . c:\windows\NiwradSoft Shell Pack\Backup\mshtml.dll [-] 2009-10-29 . 5ED9563F98C6CDCD94F15F709D28ABD9 . 3420672 . . [6.00.2900.5897] . . c:\windows\ServicePackFiles\i386\mshtml.dll [-] 2009-10-29 . 5ED9563F98C6CDCD94F15F709D28ABD9 . 3420672 . . [6.00.2900.5897] . . c:\windows\system32\mshtml.dll [-] 2009-10-29 . 5ED9563F98C6CDCD94F15F709D28ABD9 . 3420672 . . [6.00.2900.5897] . . c:\windows\system32\dllcache\mshtml.dll [7] 2009-10-29 . 68A29F2A4EA35F40339FC89549F388CE . 3094016 . . [6.00.2900.5897] . . c:\windows\$hf_mig$\KB976325\SP3QFE\mshtml.dll [7] 2009-07-18 . E0E80E9B1B3321B1AF943720AB16E7C2 . 3090432 . . [6.00.2900.5848] . . c:\windows\$hf_mig$\KB972260\SP3GDR\mshtml.dll [7] 2009-07-18 . 169C482CD18E2A1D80135974902F88F7 . 3090432 . . [6.00.2900.3603] . . c:\windows\$NtServicePackUninstall$\mshtml.dll [7] 2009-07-18 . 4E816F8F7F18C2774EC5BACAC42635C0 . 3090944 . . [6.00.2900.5848] . . c:\windows\$hf_mig$\KB972260\SP3QFE\mshtml.dll [-] 2006-03-23 . AC77AAD0D3F9D6490F7B5F697DDAD483 . 3076608 . . [6.00.2900.2873] . . c:\windows\$hf_mig$\KB912812\SP2QFE\mshtml.dll [7] 2009-08-04 . 263FA3A73C588A26306D3B403A45F5A9 . 2191232 . . [5.1.2600.5857] . . c:\windows\Driver Cache\i386\ntoskrnl.exe [7] 2009-08-04 . 263FA3A73C588A26306D3B403A45F5A9 . 2191232 . . [5.1.2600.5857] . . c:\windows\NiwradSoft Shell Pack\Backup\ntoskrnl.exe [-] 2009-08-04 . D71FF6FAA532E7682B60563B102BE5FF . 2352384 . . [5.1.2600.5857] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe [-] 2009-08-04 . D71FF6FAA532E7682B60563B102BE5FF . 2352384 . . [5.1.2600.5857] . . c:\windows\system32\ntoskrnl.exe [-] 2009-08-04 . D71FF6FAA532E7682B60563B102BE5FF . 2352384 . . [5.1.2600.5857] . . c:\windows\system32\dllcache\ntoskrnl.exe [7] 2009-08-04 . 63864AF70CAC631077A6C1223617336B . 2191360 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe [7] 2009-02-10 . BEF458B8424553279E95E250D1E0CE7E . 2191232 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe [7] 2009-02-09 . B55AA66BC9269BC5257B915FFDAA790B . 2188160 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe [7] 2009-02-09 . AB896577F35CF5FED7A9F87D3C3205ED . 2191104 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe [7] 2008-04-14 . E853F84D3CE2FAA2A802E33CF89AC023 . 579584 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\user32.dll [-] 2008-04-14 . DE4A4AC7328FC80156034E7EB283676D . 579584 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll [-] 2008-04-14 . DE4A4AC7328FC80156034E7EB283676D . 579584 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll [-] 2004-08-10 . E46FB493E3B33704F0715020CF52106B . 578048 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\user32.dll [7] 2009-10-29 . D89926AF5796E322D229B1C2E4FC8D1D . 671232 . . [6.00.2900.5897] . . c:\windows\NiwradSoft Shell Pack\Backup\wininet.dll [-] 2009-10-29 . 8F47476357801445A9E911CB0E977896 . 781312 . . [6.00.2900.5897] . . c:\windows\ServicePackFiles\i386\wininet.dll [-] 2009-10-29 . 8F47476357801445A9E911CB0E977896 . 781312 . . [6.00.2900.5897] . . c:\windows\system32\wininet.dll [-] 2009-10-29 . 8F47476357801445A9E911CB0E977896 . 781312 . . [6.00.2900.5897] . . c:\windows\system32\dllcache\wininet.dll [7] 2009-10-29 . 1DF357F4537A7F5D77F46D9C4F36DDF0 . 672768 . . [6.00.2900.5897] . . c:\windows\$hf_mig$\KB976325\SP3QFE\wininet.dll [7] 2009-06-26 . 1B086DE4AFB06F40C5949992314738D4 . 670720 . . [6.00.2900.5835] . . c:\windows\$hf_mig$\KB972260\SP3GDR\wininet.dll [7] 2009-06-26 . 421625BFBCED3CCAFC30EBA47A05CECB . 672256 . . [6.00.2900.5835] . . c:\windows\$hf_mig$\KB972260\SP3QFE\wininet.dll [7] 2009-06-26 . D7F5C0B6497908C84F9C1E9D2BB36396 . 672256 . . [6.00.2900.3592] . . c:\windows\$NtServicePackUninstall$\wininet.dll [-] 2006-03-04 . 241DBC4C2714B2F39AFDED49459ED420 . 667648 . . [6.00.2900.2861] . . c:\windows\$hf_mig$\KB912812\SP2QFE\wininet.dll [-] 2008-04-14 . B45DA298E42C7A44BA96AED93B1D7359 . 1544704 . . [6.00.2900.5512] . . c:\windows\explorer.exe [7] 2008-04-14 . F2317622D29F9FF0F88AEECD5F60F0DD . 1037824 . . [6.00.2900.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\explorer.exe [-] 2008-04-14 . B45DA298E42C7A44BA96AED93B1D7359 . 1544704 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe [-] 2004-08-10 . 4C33E5B9A6197B6ED215F6CFBA0A2DAA . 1036288 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe [7] 2008-04-14 . 59DC5BB82E4C8E0B3EADCFDBC44BA6E4 . 15360 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\ctfmon.exe [-] 2008-04-14 . E21578B40C046A3F0FF371A9755145E5 . 40448 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe [-] 2008-04-14 . E21578B40C046A3F0FF371A9755145E5 . 40448 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe [-] 2004-08-10 . 5584247B568C2E53934873F4B655FE6A . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe [7] 2009-08-04 . FE0C9C9035E3FDC193255C646BAC2C3D . 2068224 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe [7] 2009-08-04 . 6472BC2A0D37D13D9D177CCC11F9726B . 2068096 . . [5.1.2600.5857] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe [7] 2009-08-04 . 6472BC2A0D37D13D9D177CCC11F9726B . 2068096 . . [5.1.2600.5857] . . c:\windows\NiwradSoft Shell Pack\Backup\ntkrnlpa.exe [-] 2009-08-04 . F1F94329C1282B42F4C1513CF7E3A0C9 . 2229248 . . [5.1.2600.5857] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe [-] 2009-08-04 . F1F94329C1282B42F4C1513CF7E3A0C9 . 2229248 . . [5.1.2600.5857] . . c:\windows\system32\ntkrnlpa.exe [-] 2009-08-04 . F1F94329C1282B42F4C1513CF7E3A0C9 . 2229248 . . [5.1.2600.5857] . . c:\windows\system32\dllcache\ntkrnlpa.exe [7] 2009-02-10 . F751E041E682F53EAF34F7FAEA78994D . 2068096 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntkrnlpa.exe [7] 2009-02-09 . 0150FE5C1E07F8AE422FEC6C8E8A0C98 . 2065024 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe [7] 2009-02-09 . ED5E20AE4AC5A63A4FF43FFE704A5153 . 2068224 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200] "AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136] "lxdrmon.exe"="c:\program files\Lexmark 4900 Series\lxdrmon.exe" [2008-05-21 676520] "EzPrint"="c:\program files\Lexmark 4900 Series\ezprint.exe" [2008-05-21 131752] "ORAHSSSessionManager"="c:\program files\OrangeHSS\SessionManager\SessionManager.exe" [2007-12-12 107248] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696] "Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288] "SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-01-11 246504] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072] "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-10-24 1451264] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 40448] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\WINDOWS\\system32\\lxdrcoms.exe"= "c:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\iPhone Tunnel Suite 2.7 BETA\\iTunnel\\iTunnel.exe"= "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"= R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [20/01/2010 15:25 108289] R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [21/12/2007 09:21 468224] R2 lxdr_device;lxdr_device;c:\windows\system32\lxdrcoms.exe -service --> c:\windows\system32\lxdrcoms.exe -service [?] S3 gtermddo;gtermddo;\??\c:\docume~1\JEANMI~1\LOCALS~1\Temp\gtermddo.sys --> c:\docume~1\JEANMI~1\LOCALS~1\Temp\gtermddo.sys [?] S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [17/12/2009 19:00 243056] S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [10/12/2009 09:54 17408] S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [08/01/2010 17:11 691696] . Contenu du dossier 'Tâches planifiées' . . ------- Examen supplémentaire ------- . uStart Page = hxxp://google.fr/ mWindow Title = uInternet Settings,ProxyOverride = *.local IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: Télécharger avec IDM - c:\program files\Internet Download Manager\IEExt.htm IE: Télécharger le contenu de video FLV avec IDM - c:\program files\Internet Download Manager\IEGetVL.htm IE: Télécharger tous les liens avec IDM - c:\program files\Internet Download Manager\IEGetAll.htm Trusted Zone: mappy.com Trusted Zone: orange.fr Trusted Zone: voila.fr\rw.search.ke Trusted Zone: weborama.fr\orange . - - - - ORPHELINS SUPPRIMES - - - - URLSearchHooks-{ec69794b-60b3-44fe-a0b1-1efebfc131eb} - (no file) URLSearchHooks-{F4F10C1D-87C7-404A-B4B3-000000000000} - c:\progra~1\DAP\SBSearch.dll WebBrowser-{EC69794B-60B3-44FE-A0B1-1EFEBFC131EB} - (no file) HKCU-RunOnce-Iminent.Notifier Install - c:\docume~1\JEANMI~1\LOCALS~1\Temp\NotifierSetup.exe Notify-dimsntfy - (no file) AddRemove-Postal 2 Share The Pain - c:\windows\unvise32.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-01-21 19:00 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce Iminent.Notifier Install = "c:\docume~1\JEANMI~1\LOCALS~1\Temp\NotifierSetup.exe" /s????????????????? ?????X?>???>?????????????????????????Stealth?????????????????????1.0.6???????????????????????D???????H?????????>???????????????????????????????????>?????????H?>?L?>?L?>?????????????????????????????????????????l???l?>?x?>?????n???S?o?f?t?w?a?r?e?\?I?m?i?n?e?n?t?\?N?o?t?i?f?i?e?r???????????????????Y???????t?p?:?/?/?v?z?.?i?m Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x865E7150]<< kernel: MBR read successfully detected MBR rootkit hooks: \Driver\Disk -> CLASSPNP.SYS @ 0xf7602f28 \Driver\ACPI -> ACPI.sys @ 0xf7474cb8 \Driver\atapi -> atapi.sys @ 0xf73f4852 \Driver\iaStor -> 0x865e7150 IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022 ParseProcedure -> ntkrnlpa.exe @ 0x80577c84 \Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022 ParseProcedure -> ntkrnlpa.exe @ 0x80577c84 NDIS: Réseau local Broadcom 802.11b/g -> SendCompleteHandler -> NDIS.sys @ 0xf720ebb0 PacketIndicateHandler -> NDIS.sys @ 0xf721ba21 SendHandler -> NDIS.sys @ 0xf71f987b Warning: possible MBR rootkit infection ! user & kernel MBR OK ************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}] @Denied: (Full) (Everyone) "scansk"=hex(0):84,40,8c,45,6e,07,ad,4e,5e,50,66,e5,4e,a1,14,b5,15,c9,3d,34,9a, a3,b3,f4,1d,6c,fc,e7,3e,f5,c4,3a,fa,0d,63,14,87,17,41,38,00,00,00,00,00,00,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8b9f29eb-a9bc-4695-97ad-7603c028e8b0}] @Denied: (Full) (Everyone) "Model"=dword:00000130 "Therad"=dword:00000020 "MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26, 38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\ . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(1668) c:\windows\system32\SETUPAPI.dll c:\windows\system32\sfc_os.dll c:\windows\system32\cscui.dll c:\windows\system32\COMRes.dll - - - - - - - > 'lsass.exe'(1844) c:\windows\system32\scecli.dll c:\windows\system32\SETUPAPI.dll c:\windows\system32\psbase.dll - - - - - - - > 'explorer.exe'(1548) c:\windows\system32\COMRes.dll c:\windows\System32\cscui.dll c:\windows\system32\msi.dll c:\windows\system32\SETUPAPI.dll c:\windows\system32\NETSHELL.dll c:\windows\system32\credui.dll c:\windows\system32\eappprxy.dll c:\windows\system32\WPDShServiceObj.dll c:\program files\WinSCP\DragExt.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Autres processus actifs ------------------------ . c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\eHome\ehRecvr.exe c:\windows\eHome\ehSched.exe c:\progra~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\igfxsrvc.exe c:\windows\system32\lxdrcoms.exe c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe c:\windows\ehome\mcrdsvc.exe c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe c:\program files\Fichiers communs\Ahead\Lib\NMIndexingService.exe c:\program files\iPod\bin\iPodService.exe c:\windows\system32\dllhost.exe c:\program files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe c:\windows\system32\wbem\wmiapsrv.exe . ************************************************************************** . Heure de fin: 2010-01-21 19:05:28 - La machine a redémarré ComboFix-quarantined-files.txt 2010-01-21 18:05 Avant-CF: 21 615 984 640 octets libres Après-CF: 22 775 627 776 octets libres WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect - - End Of File - - A24F3091C8DF7B9FEC67E1CEEBFAF3F9