Aller au contenu

Papillon_des_neiges

Membres
 Afficher le profil  Afficher son activité

  • Compteur de contenus

    15

  • Inscription

  • Dernière visite

 Type de contenu 

Tout ce qui a été posté par Papillon_des_neiges

  1. Papillon_des_neiges
    Ah ok, j'avais pas vu effectivement. Reste-t-il des choses à faire avant de signaler que ce post est résolu ?
  2. Papillon_des_neiges
    Mille fois merci, MBAM ne trouve rien (comme le montre le rapport copié collé). J'effacerai moi même les petits logiciels...je comprends que vous ne vouliez plus m'aider puisque j'ai aussi poster mon problème ailleurs (je devais régler mon problème au plus vite, donc écouter le premier qui me réponde pendant des fêtes de Noël où tout est "gelé". Je n'aurais pas fait cela en temps normal, je me doutais que ce n'étais pas correct malgré que je ne me sois jamais inscrit auparavant à un forum, mais je n'ai pas eu le courage d'aller vérifier ou de demander...I apologize. Bonnes fêtes à vous. Malwarebytes' Anti-Malware 1.42 Version de la base de données: 3402 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18865 21/12/2009 21:18:56 mbam-log-2009-12-21 (21-18-56).txt Type de recherche: Examen complet (C:\|D:\|) Eléments examinés: 592569 Temps écoulé: 4 hour(s), 15 minute(s), 18 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 0 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): (Aucun élément nuisible détecté)
  3. Papillon_des_neiges
    Bon, j'avais pas redémarrer...et il se trouve qu'explorer.exe s'était figé. Ça va beaucoup mieux maintenant. Le Pc fonctionne super bien. Merci mille fois. Est-ce que je réactive le controle des utilisateurs ? est-ce que je supprime tous les petits logiciels de scannage et sécurité téléchargés sur mon pc ?
  4. Papillon_des_neiges
    Mon pc fonctionnait super bien à nouveau il y a dix minutes, et j'ai fait le truc concernant atapi.sys, et là il est devenu très instable : internet et autres programmes ont très souvent des instants "ne répond pas". Il m'a fallu 5 minutes pour écrire cette phrase ! qu'est-ce que je fais ?
  5. Papillon_des_neiges
    ComboFix 09-12-19.03 - SaMi 21/12/2009 14:13:06.8.2 - x86 Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.2045.1223 [GMT 1:00] Lancé depuis: c:\users\SaMi\Desktop\22989-CF.exe Commutateurs utilisés :: c:\users\SaMi\Desktop\CFScript.txt FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B} SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9} SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . . --------------- FCopy --------------- c:\windows\system32\drivers\atapi.sys --> c:\windows\atapi.sys.vir c:\windows\ERDNT\cache\atapi.sys --> c:\windows\system32\drivers\atapi.sys . ((((((((((((((((((((((((((((( Fichiers créés du 2009-11-21 au 2009-12-21 )))))))))))))))))))))))))))))))))))) . 2009-12-21 13:29 . 2009-12-21 13:32 -------- d-----w- c:\users\SaMi\AppData\Local\temp 2009-12-21 13:29 . 2009-12-21 13:29 -------- d-----w- c:\users\Public\AppData\Local\temp 2009-12-21 13:29 . 2009-12-21 13:29 -------- d-----w- c:\users\Default\AppData\Local\temp 2009-12-21 13:13 . 2009-12-20 15:26 19944 ----a-w- c:\windows\atapi.sys.vir 2009-12-21 01:36 . 2009-12-21 01:36 -------- dc----w- C:\Kill'em 2009-12-21 00:25 . 2009-11-25 10:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-12-21 00:25 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys 2009-12-21 00:25 . 2009-12-21 00:25 -------- d-----w- c:\programdata\Avira 2009-12-21 00:25 . 2009-12-21 00:25 -------- d-----w- c:\program files\Avira 2009-12-20 22:58 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-12-20 22:58 . 2009-12-03 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-12-20 22:58 . 2009-12-20 22:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-12-20 16:24 . 2009-12-20 16:24 -------- d-----w- C:\rsit 2009-12-20 15:58 . 2009-12-20 22:36 -------- dc----w- C:\Malwarebytes' Anti-Malware 2009-12-20 15:22 . 2009-12-20 15:22 19944 ----a-w- c:\windows\system32\drivers\tsk_atapi.sys 2009-12-20 15:20 . 2009-12-20 23:58 -------- d-----w- C:\tdsskiller 2009-12-20 14:03 . 2009-12-20 14:06 -------- d-----w- c:\program files\Toolbar Uninstaller 2009-12-19 16:44 . 2009-12-19 16:44 -------- d-----w- c:\program files\ZHPDiag 2009-12-19 00:26 . 2009-12-19 00:26 -------- dc----w- C:\IBMTOOLS 2009-12-18 20:12 . 2009-12-20 22:30 -------- d-----w- c:\programdata\ma-config.com 2009-12-18 20:12 . 2009-12-20 22:30 -------- d-----w- c:\program files\ma-config.com 2009-12-18 19:04 . 2009-12-18 19:04 -------- d-----w- c:\program files\Western Digital 2009-12-09 13:10 . 2009-11-09 12:31 24064 ----a-w- c:\windows\system32\nshhttp.dll 2009-12-09 13:10 . 2009-11-09 10:36 411648 ----a-w- c:\windows\system32\drivers\http.sys 2009-12-09 13:10 . 2009-11-09 12:30 30720 ----a-w- c:\windows\system32\httpapi.dll 2009-12-09 12:59 . 2009-10-07 11:36 243712 ----a-w- c:\windows\system32\rastls.dll 2009-12-05 16:10 . 2009-12-05 16:11 -------- d-----w- c:\program files\QuickTime 2009-12-01 11:26 . 2009-12-01 20:29 -------- d-----w- c:\users\SaMi\AppData\Roaming\GlarySoft 2009-12-01 11:12 . 2009-12-01 11:12 -------- d-----w- c:\program files\Glary Utilities 2009-11-29 20:40 . 2009-12-01 20:53 -------- d-----w- c:\program files\zztoy 2009-11-29 16:46 . 2009-11-29 16:46 -------- d-----w- c:\program files\Uniblue 2009-11-29 02:07 . 2009-11-29 02:07 -------- d-----w- c:\program files\Sleepy 2009-11-28 18:10 . 2009-12-20 15:06 -------- d-----w- c:\program files\Trend Micro 2009-11-27 06:07 . 2009-11-27 06:07 -------- d-----w- c:\program files\Common Files\xing shared 2009-11-27 06:00 . 2009-11-27 06:01 -------- d-----w- c:\users\Default\AppData\Local\Adobe 2009-11-25 01:41 . 2009-10-29 09:17 2048 ----a-w- c:\windows\system32\tzres.dll 2009-11-25 00:47 . 2009-08-11 16:44 1401856 ----a-w- c:\windows\system32\msxml6.dll 2009-11-25 00:47 . 2009-08-11 16:44 1248768 ----a-w- c:\windows\system32\msxml3.dll . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-12-21 13:33 . 2009-12-20 23:13 83524 ----a-w- c:\programdata\nvModes.dat 2009-12-21 13:32 . 2009-02-10 18:42 352615 ---ha-w- c:\windows\system32\drivers\vsconfig.xml 2009-12-21 12:53 . 2006-11-02 15:48 535606 ----a-w- c:\windows\system32\perfc00C.dat 2009-12-21 12:53 . 2006-11-02 15:48 1871976 ----a-w- c:\windows\system32\perfh00C.dat 2009-12-21 00:11 . 2009-07-18 18:31 -------- d-----w- c:\programdata\NVIDIA 2009-12-20 22:33 . 2007-12-10 22:37 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2009-12-20 22:31 . 2008-12-24 03:06 -------- d-----w- c:\program files\Emule049b 2009-12-20 17:10 . 2007-08-24 11:16 -------- d-----w- c:\programdata\Google Updater 2009-12-20 04:17 . 2006-12-02 18:49 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-12-20 04:17 . 2006-12-10 10:30 -------- d-----w- c:\program files\Acer Arcade Deluxe 2009-12-20 03:59 . 2007-04-09 15:26 -------- d-----w- c:\program files\Acer Inc 2009-12-19 05:03 . 2008-02-01 22:00 -------- d-----w- c:\program files\eMule 2009-12-16 21:36 . 2007-08-26 20:58 -------- d-----w- c:\users\SaMi\AppData\Roaming\dvdcss 2009-12-09 13:16 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2009-12-09 13:12 . 2008-05-19 13:32 -------- d-----w- c:\programdata\Microsoft Help 2009-12-06 12:28 . 2009-02-05 15:24 -------- d-----w- c:\program files\Sam Scanner 2009-12-01 23:48 . 2009-02-17 17:37 1356 ----a-w- c:\users\SaMi\AppData\Local\d3d9caps.dat 2009-12-01 20:23 . 2008-01-03 06:46 -------- d-----w- c:\program files\WinImage 2009-12-01 20:21 . 2008-06-27 21:14 -------- d-----w- c:\users\SaMi\AppData\Roaming\Todae 2009-11-29 16:32 . 2009-01-20 07:06 -------- d-----w- c:\users\SaMi\AppData\Roaming\Uniblue 2009-11-28 19:45 . 2007-08-24 11:19 -------- d-----w- c:\program files\Common Files\Adobe 2009-11-27 06:07 . 2007-10-06 00:19 -------- d-----w- c:\program files\Common Files\Real 2009-11-21 06:40 . 2009-12-09 13:00 916480 ----a-w- c:\windows\system32\wininet.dll 2009-11-21 06:34 . 2009-12-09 13:00 109056 ----a-w- c:\windows\system32\iesysprep.dll 2009-11-21 06:34 . 2009-12-09 13:00 71680 ----a-w- c:\windows\system32\iesetup.dll 2009-11-21 04:59 . 2009-12-09 13:00 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2009-11-19 00:55 . 2009-11-08 02:29 -------- d-----w- c:\program files\DIFX 2009-11-19 00:51 . 2009-11-19 00:51 -------- d-----w- c:\program files\Common Files\PCSuite 2009-11-19 00:51 . 2009-11-19 00:51 -------- d-----w- c:\program files\Common Files\Nokia 2009-11-19 00:51 . 2009-11-08 02:19 -------- d-----w- c:\program files\Nokia 2009-11-19 00:46 . 2009-11-19 00:46 -------- d-----w- c:\program files\PC Connectivity Solution 2009-11-19 00:34 . 2008-07-19 17:36 -------- d-----w- c:\programdata\Installations 2009-11-17 19:58 . 2009-11-17 19:58 -------- d-----w- c:\program files\Windows Portable Devices 2009-11-17 19:57 . 2009-11-17 19:57 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf 2009-11-17 19:55 . 2009-11-17 19:55 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf 2009-11-14 16:59 . 2009-11-08 02:37 -------- d-----w- c:\users\SaMi\AppData\Roaming\Nokia 2009-11-14 16:59 . 2009-11-08 02:37 -------- d-----w- c:\users\SaMi\AppData\Roaming\PC Suite 2009-11-08 02:45 . 2009-11-08 02:45 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf 2009-11-08 02:44 . 2009-11-08 02:37 -------- d-----w- c:\programdata\PC Suite 2009-11-08 02:44 . 2009-11-08 02:44 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf 2009-11-08 02:01 . 2009-11-08 02:01 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf 2009-11-02 19:42 . 2009-10-03 08:05 195456 ------w- c:\windows\system32\MpSigStub.exe 2009-11-01 22:54 . 2007-08-13 21:02 115160 ----a-w- c:\users\SaMi\AppData\Local\GDIPFONTCACHEV1.DAT 2009-10-08 21:08 . 2009-11-17 18:05 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll 2009-10-08 21:08 . 2009-11-17 18:05 234496 ----a-w- c:\windows\system32\oleacc.dll 2009-10-08 21:07 . 2009-11-17 18:05 4096 ----a-w- c:\windows\system32\oleaccrc.dll 2009-10-06 10:52 . 2008-05-02 09:58 91136 ----a-w- c:\windows\system32\nmwcdcls.dll 2009-10-01 01:02 . 2009-11-17 18:08 2537472 ----a-w- c:\windows\system32\wpdshext.dll 2009-10-01 01:02 . 2009-11-17 18:08 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe 2009-10-01 01:02 . 2009-11-17 18:08 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll 2009-10-01 01:02 . 2009-11-17 18:08 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll 2009-10-01 01:02 . 2009-11-17 18:08 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll 2009-10-01 01:01 . 2009-11-17 18:08 546816 ----a-w- c:\windows\system32\wpd_ci.dll 2009-10-01 01:01 . 2009-11-17 18:08 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll 2009-10-01 01:01 . 2009-11-17 18:08 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll 2009-10-01 01:01 . 2009-11-17 18:08 350208 ----a-w- c:\windows\system32\WPDSp.dll 2009-10-01 01:01 . 2009-11-17 18:08 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll 2009-10-01 01:01 . 2009-11-17 18:08 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll 2009-10-01 01:01 . 2009-11-17 18:08 81920 ----a-w- c:\windows\system32\wpdbusenum.dll 2009-10-01 01:01 . 2009-11-17 18:08 40448 ----a-w- c:\windows\system32\drivers\WpdUsb.sys 2009-10-01 01:01 . 2009-11-17 18:08 226816 ----a-w- c:\windows\system32\WpdMtp.dll 2009-10-01 01:01 . 2009-11-17 18:08 33280 ----a-w- c:\windows\system32\WpdConns.dll 2009-10-01 01:01 . 2009-11-17 18:08 61952 ----a-w- c:\windows\system32\WpdMtpUS.dll 2009-09-25 02:10 . 2009-11-17 18:09 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll 2009-09-25 02:07 . 2009-11-17 18:09 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll 2009-09-25 02:04 . 2009-11-17 18:09 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll 2009-09-25 01:49 . 2009-11-17 18:09 1554432 ----a-w- c:\windows\system32\xpsservices.dll 2009-09-25 01:48 . 2009-11-17 18:09 351232 ----a-w- c:\windows\system32\XpsPrint.dll 2009-09-25 01:38 . 2009-11-17 18:09 847360 ----a-w- c:\windows\system32\OpcServices.dll 2009-09-25 01:36 . 2009-11-17 18:09 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2009-09-25 01:35 . 2009-11-17 18:09 135680 ----a-w- c:\windows\system32\XpsRasterService.dll 2009-09-25 01:33 . 2009-11-17 18:09 195584 ----a-w- c:\windows\system32\dxdiagn.dll 2009-09-25 01:33 . 2009-11-17 18:09 829440 ----a-w- c:\windows\system32\d3d10warp.dll 2009-09-25 01:33 . 2009-11-17 18:09 369664 ----a-w- c:\windows\system32\WMPhoto.dll 2009-09-25 01:32 . 2009-11-17 18:09 252928 ----a-w- c:\windows\system32\dxdiag.exe 2009-09-25 01:31 . 2009-11-17 18:09 519680 ----a-w- c:\windows\system32\d3d11.dll 2009-09-25 01:31 . 2009-11-17 18:09 486912 ----a-w- c:\windows\system32\d3d10level9.dll 2009-09-25 01:31 . 2009-11-17 18:09 161280 ----a-w- c:\windows\system32\d3d10_1.dll 2009-09-25 01:31 . 2009-11-17 18:09 218112 ----a-w- c:\windows\system32\d3d10_1core.dll 2009-09-25 01:31 . 2009-11-17 18:09 1030144 ----a-w- c:\windows\system32\d3d10.dll 2009-09-25 01:31 . 2009-11-17 18:09 828928 ----a-w- c:\windows\system32\d2d1.dll 2009-09-25 01:30 . 2009-11-17 18:09 190464 ----a-w- c:\windows\system32\d3d10core.dll 2009-09-25 01:30 . 2009-11-17 18:09 481792 ----a-w- c:\windows\system32\dxgi.dll 2009-09-25 01:27 . 2009-11-17 18:09 634880 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2009-09-25 01:27 . 2009-11-17 18:09 37888 ----a-w- c:\windows\system32\cdd.dll 2009-09-25 01:27 . 2009-11-17 18:09 793088 ----a-w- c:\windows\system32\FntCache.dll 2009-09-25 01:27 . 2009-11-17 18:09 1064448 ----a-w- c:\windows\system32\DWrite.dll 2009-09-24 22:54 . 2009-11-17 18:09 258048 ----a-w- c:\windows\system32\winspool.drv 2009-09-24 22:54 . 2009-11-17 18:09 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe 2009-09-24 22:54 . 2009-11-17 18:09 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll 2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll 2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\humnfsoverlay] @="{647E9AF4-DF80-40EF-B7FB-1B1B0C221193}" [HKEY_CLASSES_ROOT\CLSID\{647E9AF4-DF80-40EF-B7FB-1B1B0C221193}] 2005-09-21 06:47 67240 ----a-w- c:\program files\Hummingbird\Connectivity\11.00\NFS Maestro\hcnfsexp.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104] "LMgrOSD"="c:\program files\Launch Manager\OSDCtrl.exe" [2006-08-29 241664] "Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2009-01-20 517768] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024] "USB2Check"="c:\windows\system32\PCLECoInst.dll" [2007-01-23 81920] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-01 13548064] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-01 92704] "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-03 959976] "LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2005-07-25 32768] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) "EnableLUA"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="" [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk] backup=c:\windows\pss\Adobe Gamma.lnk.CommonStartup backupExtension=.CommonStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2009-09-04 11:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2009-10-03 03:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader] 2007-01-02 16:58 464168 -c----w- c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HumMeteringClient] 2005-09-21 06:45 153288 ----a-w- c:\program files\Hummingbird\Connectivity\11.00\Accessories\MeteringClient.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager] 2007-01-10 09:34 200704 ----a-w- c:\program files\Launch Manager\HotkeyApp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NFSUserSIDGSSLink] 2005-09-21 06:47 38560 ----a-w- c:\program files\Hummingbird\Connectivity\11.00\NFS Maestro\HumGSS.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray] 2009-11-11 09:57 1451520 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2009-11-10 22:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl] 2006-11-09 18:57 3784704 ----a-w- c:\windows\RtHDVCpl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] 2009-11-27 06:07 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB2Check] 2007-01-23 09:12 81920 ----a-w- c:\windows\System32\PCLECoInst.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBToolTip] 2006-10-16 12:50 202312 ----a-w- c:\program files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp] 2006-11-05 19:48 57344 -c--a-w- c:\acer\WR_PopUp\WarReg_PopUp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wbutton] 2006-11-09 12:37 86016 ----a-w- c:\program files\Launch Manager\WButton.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] 2009-07-01 16:37 37888 ----a-w- c:\program files\Winamp\winampa.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled] "Malwarebytes Anti-Malware (reboot)"="c:\program files\zztoy\zztoy.exe" /runcleanupscript "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "VistaSp2"=hex(b):5e,46,6f,19,2d,3d,ca,01 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1576903536-255805909-3727375607-1000] "EnableNotificationsRef"=dword:00000001 R1 LUM;LUM;c:\windows\System32\drivers\LUM.sys [05/06/2007 17:57 16528] R1 LUMDriver;LUMDriver;c:\windows\System32\drivers\LUMDriver.sys [24/04/2007 16:52 16688] R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [21/12/2009 01:25 108289] R2 BBDemon;Backbone Service;c:\program files\Dassault Systemes\B16\intel_a\code\bin\CATSysDemon.exe [06/09/2005 22:11 35840] R2 HCLNFS;HCLNFS;c:\windows\System32\drivers\hclnfs.sys [21/09/2005 07:47 283720] R2 Vcs;Vcs support;c:\windows\System32\drivers\Vcs.sys [18/01/2009 23:38 6852] S2 gupdate1c9d6f5d4e428f5;Service Google Update (gupdate1c9d6f5d4e428f5);c:\program files\Google\Update\GoogleUpdate.exe [17/05/2009 14:45 133104] S3 FontCache;Service de cache de police Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [31/05/2008 04:26 21504] S3 Ltn_stk7070P;PCTV based TV tuner device;c:\windows\System32\drivers\Ltn_stk7070P.sys [16/09/2008 23:30 466048] S3 Ltn_stkrc;PCTV Infrared Receiver;c:\windows\System32\drivers\Ltn_stkrc.sys [16/09/2008 23:30 13440] S3 PctvVirtualNdis;Pinnacle Virtual Miniport;c:\windows\System32\drivers\PctvVirtualNdis.sys [31/03/2009 21:38 13696] S3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [09/04/2007 16:29 118784] S3 WSVD;WSVD;c:\windows\System32\drivers\WSVD.sys [14/08/2007 09:47 80744] S4 HCLExport;Hummingbird Export;c:\windows\System32\Hummingbird\Connectivity\11.00\NFS Maestro\expserv.exe [21/09/2005 07:47 63136] S4 HumNamemapping;Hummingbird Name Mapping Server;c:\program files\Hummingbird\Connectivity\11.00\NFS Maestro\Humnmap.exe [21/09/2005 07:47 91816] S4 HUMNFSServer;Hummingbird NFS Maestro Server;c:\program files\Hummingbird\Connectivity\11.00\NFS Maestro\hcwinsvr.exe [21/09/2005 07:47 226992] S4 HUMPortmapper;Hummingbird Port Mapper;c:\program files\Hummingbird\Connectivity\11.00\NFS Maestro\hcportmp.exe [21/09/2005 07:47 59040] S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [23/09/2005 07:01 2799808] S4 PESRV;Hummingbird HostExplorer Print Services;c:\program files\Hummingbird\Connectivity\11.00\HostExplorer\PrintServices\PESRV.exe [21/09/2005 07:46 149152] S4 ProxyEngine;Hummingbird Proxy Server;c:\program files\Hummingbird\Connectivity\11.00\Accessories\ProxyEngine.exe [21/09/2005 07:45 120496] --- Autres Services/Pilotes en mémoire --- *Deregistered* - IDSvix86 *Deregistered* - SYMDNS *Deregistered* - SymEvent *Deregistered* - SYMFW *Deregistered* - SYMIDS *Deregistered* - SYMNDISV *Deregistered* - SYMREDRV *Deregistered* - SYMTDI [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{FE827D64-FD1F-40B4-86B1-F3683B7D7959}] 2005-09-21 06:45 91816 ----a-w- c:\program files\Hummingbird\Connectivity\11.00\Accessories\HumSettings.exe . ------- Examen supplémentaire ------- . uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 uStart Page = hxxp://www.google.fr/ IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000 IE: Tout télécharger avec Free Download Manager - file://d:\free download manager\dlall.htm IE: Télécharger avec Free Download Manager - file://d:\free download manager\dllink.htm IE: Télécharger la sélection avec Free Download Manager - file://d:\free download manager\dlselected.htm IE: Télécharger la vidéo avec Free Download Manager - file://d:\free download manager\dlfvideo.htm LSP: c:\program files\Hummingbird\Connectivity\11.00\Exceed\humshmx.dll Trusted Zone: tellmemorecampus.com\www Trusted Zone: tellmemorecampus.com\www3 Trusted Zone: tellmemorecampus.com\www Trusted Zone: tellmemorecampus.com\www3 FF - ProfilePath - c:\users\SaMi\AppData\Roaming\Mozilla\Firefox\Profiles\l52hi599.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/ FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll FF - component: c:\users\SaMi\AppData\Roaming\Mozilla\Firefox\Profiles\l52hi599.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll FF - component: c:\users\SaMi\AppData\Roaming\Mozilla\Firefox\Profiles\l52hi599.default\extensions\piclens@cooliris.com\components\cooliris.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: c:\users\SaMi\AppData\Roaming\Mozilla\Firefox\Profiles\l52hi599.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- PARAMETRES FIREFOX ---- FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.00.13);user_pref(general.useragent.extra.zencast, . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-12-21 14:32 Windows 6.0.6002 Service Pack 2 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_USERS\S-1-5-21-1576903536-255805909-3727375607-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*1#]%#%] @Class="Shell" @Allowed: (Read) (RestrictedCode) [HKEY_USERS\S-1-5-21-1576903536-255805909-3727375607-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*1#]%#%\OpenWithList] @Class="Shell" [HKEY_USERS\S-1-5-21-1576903536-255805909-3727375607-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*c%&*#*] @Class="Shell" @Allowed: (Read) (RestrictedCode) [HKEY_USERS\S-1-5-21-1576903536-255805909-3727375607-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*c%&*#*\OpenWithList] @Class="Shell" [HKEY_USERS\S-1-5-21-1576903536-255805909-3727375607-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*i%#*#*] @Class="Shell" @Allowed: (Read) (RestrictedCode) [HKEY_USERS\S-1-5-21-1576903536-255805909-3727375607-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*i%#*#*\OpenWithList] @Class="Shell" [HKEY_USERS\S-1-5-21-1576903536-255805909-3727375607-1000\Software\SecuROM\License information*] @Allowed: (Read) (RestrictedCode) "datasecu"=hex:8e,af,d5,c2,45,b6,7d,74,ae,b7,69,08,5f,f5,e9,a3,ce,6f,51,91,94, e0,85,05,ff,48,23,87,2b,ea,25,1e,dc,43,69,6c,1c,70,33,ac,68,94,87,86,dd,18,\ "rkeysecu"=hex:23,96,34,e3,ef,77,0c,36,a8,6e,fb,2a,c5,6c,43,cf [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet023\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'Explorer.exe'(1752) c:\program files\Hummingbird\Connectivity\11.00\NFS Maestro\hcnfsexp.dll c:\windows\system32\hndsvc11.dll c:\windows\system32\hcldes11.dll c:\windows\system32\hnrpc11.dll c:\windows\system32\hnutil11.dll c:\windows\system32\hnip11.dll c:\windows\system32\hclnis11.dll c:\windows\system32\hnsrch11.dll c:\windows\system32\hnldap11.dll c:\windows\system32\humnmapclient11.dll c:\windows\system32\hcnfslog11.dll c:\windows\system32\hcsvrcmn.dll c:\windows\system32\humsvrgui.dll c:\program files\Hummingbird\Connectivity\11.00\NFS Maestro\humprdns.dll c:\windows\system32\hndcfg11.dll c:\windows\system32\hcscmnnl.fra.nls c:\windows\system32\hndcfg11.fra.nls c:\windows\system32\hclnis11.fra.nls c:\program files\hummingbird\connectivity\11.00\nfs maestro\hcnfsexn.fra.nls c:\windows\system32\Hummingbird\Connectivity\11.00\Accessories\Humcluster.dll c:\program files\Hummingbird\Connectivity\11.00\Hummingbird Neighborhood\heshell.dll c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_fre.nlr c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr c:\program files\Hummingbird\Connectivity\11.00\Hummingbird Neighborhood\hncomlib.dll c:\program files\Hummingbird\Connectivity\11.00\Hummingbird Neighborhood\humprdfw.dll c:\program files\Hummingbird\Connectivity\11.00\Accessories\Humpud.dll c:\program files\hummingbird\connectivity\11.00\accessories\humsettings.fra.nls c:\windows\System32\hcnfsclt.dll c:\windows\System32\hnnfsd11.dll c:\windows\System32\hnfsconn.dll c:\windows\System32\hnfscore.dll c:\windows\system32\hcnfsmpr.fra.nls . ------------------------ Autres processus actifs ------------------------ . c:\windows\system32\nvvsvc.exe c:\windows\system32\rundll32.exe c:\windows\System32\ZoneLabs\vsmon.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\windows\system32\agrsmsvc.exe c:\acer\Empowering Technology\eDataSecurity\eDSService.exe c:\acer\Empowering Technology\eNet\eNet Service.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\acer\Mobility Center\MobilityService.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\acer\Empowering Technology\ePower\ePowerSvc.exe c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe c:\acer\Empowering Technology\eSettings\Service\capuserv.exe c:\windows\system32\wbem\unsecapp.exe c:\windows\System32\rundll32.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\windows\ehome\ehmsas.exe c:\windows\system32\wbem\unsecapp.exe c:\windows\servicing\TrustedInstaller.exe . ************************************************************************** . Heure de fin: 2009-12-21 14:47:30 - La machine a redémarré ComboFix-quarantined-files.txt 2009-12-21 13:47 ComboFix2.txt 2009-12-20 23:27 Avant-CF: 15 992 221 696 octets libres Après-CF: 15 983 398 912 octets libres - - End Of File - - D440D2DDBF51245D691939E92517FDB7
  6. Papillon_des_neiges
    LA SUITE : [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2009-09-04 11:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2009-10-03 03:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt] 2009-03-02 11:08 209153 ----a-w- c:\program files\Avira\AntiVir Desktop\avgnt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader] 2007-01-02 16:58 464168 -c----w- c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HumMeteringClient] 2005-09-21 06:45 153288 ----a-w- c:\program files\Hummingbird\Connectivity\11.00\Accessories\MeteringClient.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchAp] 2005-07-25 11:36 32768 ----a-w- c:\program files\Launch Manager\LaunchAp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager] 2007-01-10 09:34 200704 ----a-w- c:\program files\Launch Manager\HotkeyApp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NFSUserSIDGSSLink] 2005-09-21 06:47 38560 ----a-w- c:\program files\Hummingbird\Connectivity\11.00\NFS Maestro\HumGSS.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray] 2009-11-11 09:57 1451520 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2009-11-10 22:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl] 2006-11-09 18:57 3784704 ----a-w- c:\windows\RtHDVCpl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] 2009-11-27 06:07 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB2Check] 2007-01-23 09:12 81920 ----a-w- c:\windows\System32\PCLECoInst.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBToolTip] 2006-10-16 12:50 202312 ----a-w- c:\program files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp] 2006-11-05 19:48 57344 -c--a-w- c:\acer\WR_PopUp\WarReg_PopUp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wbutton] 2006-11-09 12:37 86016 ----a-w- c:\program files\Launch Manager\WButton.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] 2009-07-01 16:37 37888 ----a-w- c:\program files\Winamp\winampa.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client] 2008-03-03 14:05 959976 ----a-w- c:\program files\Zone Labs\ZoneAlarm\zlclient.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled] "Malwarebytes Anti-Malware (reboot)"="c:\program files\zztoy\zztoy.exe" /runcleanupscript "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "VistaSp2"=hex(b):5e,46,6f,19,2d,3d,ca,01 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1576903536-255805909-3727375607-1000] "EnableNotificationsRef"=dword:00000001 R1 LUM;LUM;c:\windows\System32\drivers\LUM.sys [05/06/2007 17:57 16528] R1 LUMDriver;LUMDriver;c:\windows\System32\drivers\LUMDriver.sys [24/04/2007 16:52 16688] R2 BBDemon;Backbone Service;c:\program files\Dassault Systemes\B16\intel_a\code\bin\CATSysDemon.exe [06/09/2005 22:11 35840] R2 HCLNFS;HCLNFS;c:\windows\System32\drivers\hclnfs.sys [21/09/2005 07:47 283720] R2 Vcs;Vcs support;c:\windows\System32\drivers\Vcs.sys [18/01/2009 23:38 6852] S2 gupdate1c9d6f5d4e428f5;Service Google Update (gupdate1c9d6f5d4e428f5);c:\program files\Google\Update\GoogleUpdate.exe [17/05/2009 14:45 133104] S3 FontCache;Service de cache de police Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [31/05/2008 04:26 21504] S3 Ltn_stk7070P;PCTV based TV tuner device;c:\windows\System32\drivers\Ltn_stk7070P.sys [16/09/2008 23:30 466048] S3 Ltn_stkrc;PCTV Infrared Receiver;c:\windows\System32\drivers\Ltn_stkrc.sys [16/09/2008 23:30 13440] S3 PctvVirtualNdis;Pinnacle Virtual Miniport;c:\windows\System32\drivers\PctvVirtualNdis.sys [31/03/2009 21:38 13696] S3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [09/04/2007 16:29 118784] S3 WSVD;WSVD;c:\windows\System32\drivers\WSVD.sys [14/08/2007 09:47 80744] S4 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [15/07/2009 18:38 108289] S4 HCLExport;Hummingbird Export;c:\windows\System32\Hummingbird\Connectivity\11.00\NFS Maestro\expserv.exe [21/09/2005 07:47 63136] S4 HumNamemapping;Hummingbird Name Mapping Server;c:\program files\Hummingbird\Connectivity\11.00\NFS Maestro\Humnmap.exe [21/09/2005 07:47 91816] S4 HUMNFSServer;Hummingbird NFS Maestro Server;c:\program files\Hummingbird\Connectivity\11.00\NFS Maestro\hcwinsvr.exe [21/09/2005 07:47 226992] S4 HUMPortmapper;Hummingbird Port Mapper;c:\program files\Hummingbird\Connectivity\11.00\NFS Maestro\hcportmp.exe [21/09/2005 07:47 59040] S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [23/09/2005 07:01 2799808] S4 PESRV;Hummingbird HostExplorer Print Services;c:\program files\Hummingbird\Connectivity\11.00\HostExplorer\PrintServices\PESRV.exe [21/09/2005 07:46 149152] S4 ProxyEngine;Hummingbird Proxy Server;c:\program files\Hummingbird\Connectivity\11.00\Accessories\ProxyEngine.exe [21/09/2005 07:45 120496] --- Autres Services/Pilotes en mémoire --- *Deregistered* - IDSvix86 *Deregistered* - SYMDNS *Deregistered* - SymEvent *Deregistered* - SYMFW *Deregistered* - SYMIDS *Deregistered* - SYMNDISV *Deregistered* - SYMREDRV *Deregistered* - SYMTDI [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{FE827D64-FD1F-40B4-86B1-F3683B7D7959}] 2005-09-21 06:45 91816 ----a-w- c:\program files\Hummingbird\Connectivity\11.00\Accessories\HumSettings.exe . ------- Examen supplémentaire ------- . uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 uStart Page = hxxp://www.google.fr/ IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000 IE: Tout télécharger avec Free Download Manager - file://d:\free download manager\dlall.htm IE: Télécharger avec Free Download Manager - file://d:\free download manager\dllink.htm IE: Télécharger la sélection avec Free Download Manager - file://d:\free download manager\dlselected.htm IE: Télécharger la vidéo avec Free Download Manager - file://d:\free download manager\dlfvideo.htm LSP: c:\program files\Hummingbird\Connectivity\11.00\Exceed\humshmx.dll Trusted Zone: tellmemorecampus.com\www Trusted Zone: tellmemorecampus.com\www3 Trusted Zone: tellmemorecampus.com\www Trusted Zone: tellmemorecampus.com\www3 FF - ProfilePath - c:\users\SaMi\AppData\Roaming\Mozilla\Firefox\Profiles\l52hi599.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/ FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll FF - component: c:\users\SaMi\AppData\Roaming\Mozilla\Firefox\Profiles\l52hi599.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll FF - component: c:\users\SaMi\AppData\Roaming\Mozilla\Firefox\Profiles\l52hi599.default\extensions\piclens@cooliris.com\components\cooliris.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: c:\users\SaMi\AppData\Roaming\Mozilla\Firefox\Profiles\l52hi599.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- PARAMETRES FIREFOX ---- FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.00.13);user_pref(general.useragent.extra.zencast, . - - - - ORPHELINS SUPPRIMES - - - - HKLM-Run-eRecoveryService - (no file) MSConfigStartUp-DAEMON Tools - c:\program files\DAEMON Tools\daemon.exe AddRemove-AviSynth2 - c:\program files\AviSynth2\uninst.exe AddRemove-HijackThis - c:\users\SaMi\Desktop\HijackThis.exe AddRemove-BitTorrent - d:\bittorrent\uninst.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-12-21 00:19 Windows 6.0.6002 Service Pack 2 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_USERS\S-1-5-21-1576903536-255805909-3727375607-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*1]%%] @Class="Shell" @Allowed: (Read) (RestrictedCode) [HKEY_USERS\S-1-5-21-1576903536-255805909-3727375607-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*1]%%\OpenWithList] @Class="Shell" [HKEY_USERS\S-1-5-21-1576903536-255805909-3727375607-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*c%&**] @Class="Shell" @Allowed: (Read) (RestrictedCode) [HKEY_USERS\S-1-5-21-1576903536-255805909-3727375607-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*c%&**\OpenWithList] @Class="Shell" [HKEY_USERS\S-1-5-21-1576903536-255805909-3727375607-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*i%**] @Class="Shell" @Allowed: (Read) (RestrictedCode) [HKEY_USERS\S-1-5-21-1576903536-255805909-3727375607-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*i%**\OpenWithList] @Class="Shell" [HKEY_USERS\S-1-5-21-1576903536-255805909-3727375607-1000\Software\SecuROM\License information*] @Allowed: (Read) (RestrictedCode) "datasecu"=hex:8e,af,d5,c2,45,b6,7d,74,ae,b7,69,08,5f,f5,e9,a3,ce,6f,51,91,94, e0,85,05,ff,48,23,87,2b,ea,25,1e,dc,43,69,6c,1c,70,33,ac,68,94,87,86,dd,18,\ "rkeysecu"=hex:23,96,34,e3,ef,77,0c,36,a8,6e,fb,2a,c5,6c,43,cf [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet023\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . Heure de fin: 2009-12-21 00:27:03 ComboFix-quarantined-files.txt 2009-12-20 23:27 Avant-CF: 16 279 748 608 octets libres Après-CF: 16 254 607 360 octets libres - - End Of File - - 602C1CF32C1B14CCD5FC2BA03A1F6D72 Il y a plein de fichiers dll créés depuis un mois dans système 32 et qui ne correspondent à rien de sympa...mon infection coïncide avec leur date de création, c'était bien vers le 25 et 26 novembre 2009. Que fait-on maintenant ? ps: merci pour tout ce qu'on a déja fait car pour une fois depuis un mois, combofix fonctionne ! bon, par contre, j'ai hate de voir si vraiment tout refonctionne (antivir, zonealarm...)
  7. Papillon_des_neiges
    J'avais bien redémarré le pc après le scan tdssKiller...j'ai pu faire ce scan combofix. Voici le rapport : ComboFix 09-12-19.03 - SaMi 21/12/2009 0:02.7.2 - x86 Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.2045.1114 [GMT 1:00] Lancé depuis: c:\users\SaMi\Desktop\22989-CF.exe FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B} SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9} SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe . ((((((((((((((((((((((((((((( Fichiers créés du 2009-11-20 au 2009-12-20 )))))))))))))))))))))))))))))))))))) . 2009-12-20 23:19 . 2009-12-20 23:19 -------- d-----w- c:\users\SaMi\AppData\Local\temp 2009-12-20 23:19 . 2009-12-20 23:19 -------- d-----w- c:\users\Public\AppData\Local\temp 2009-12-20 23:19 . 2009-12-20 23:19 -------- d-----w- c:\users\Default\AppData\Local\temp 2009-12-20 22:58 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-12-20 22:58 . 2009-12-03 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-12-20 22:58 . 2009-12-20 22:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-12-20 22:53 . 2009-12-20 22:53 -------- d-----w- c:\windows\LastGood 2009-12-20 16:48 . 2009-12-20 16:48 -------- dc----w- C:\Kill'em 2009-12-20 16:24 . 2009-12-20 16:24 -------- d-----w- C:\rsit 2009-12-20 15:58 . 2009-12-20 22:36 -------- dc----w- C:\Malwarebytes' Anti-Malware 2009-12-20 15:22 . 2009-12-20 15:22 19944 ----a-w- c:\windows\system32\drivers\tsk_atapi.sys 2009-12-20 15:21 . 2009-12-20 15:21 16904 ----a-w- c:\windows\system32\drivers\KLMD.sys 2009-12-20 15:20 . 2009-12-20 15:20 -------- d-----w- C:\tdsskiller 2009-12-20 14:03 . 2009-12-20 14:06 -------- d-----w- c:\program files\Toolbar Uninstaller 2009-12-19 16:44 . 2009-12-19 16:44 -------- d-----w- c:\program files\ZHPDiag 2009-12-19 00:26 . 2009-12-19 00:26 -------- dc----w- C:\IBMTOOLS 2009-12-18 20:12 . 2009-12-20 22:30 -------- d-----w- c:\programdata\ma-config.com 2009-12-18 20:12 . 2009-12-20 22:30 -------- d-----w- c:\program files\ma-config.com 2009-12-18 19:04 . 2009-12-18 19:04 -------- d-----w- c:\program files\Western Digital 2009-12-09 13:10 . 2009-11-09 12:31 24064 ----a-w- c:\windows\system32\nshhttp.dll 2009-12-09 13:10 . 2009-11-09 10:36 411648 ----a-w- c:\windows\system32\drivers\http.sys 2009-12-09 13:10 . 2009-11-09 12:30 30720 ----a-w- c:\windows\system32\httpapi.dll 2009-12-09 12:59 . 2009-10-07 11:36 243712 ----a-w- c:\windows\system32\rastls.dll 2009-12-05 16:10 . 2009-12-05 16:11 -------- d-----w- c:\program files\QuickTime 2009-12-01 11:26 . 2009-12-01 20:29 -------- d-----w- c:\users\SaMi\AppData\Roaming\GlarySoft 2009-12-01 11:12 . 2009-12-01 11:12 -------- d-----w- c:\program files\Glary Utilities 2009-11-29 20:40 . 2009-12-01 20:53 -------- d-----w- c:\program files\zztoy 2009-11-29 16:46 . 2009-11-29 16:46 -------- d-----w- c:\program files\Uniblue 2009-11-29 02:07 . 2009-11-29 02:07 -------- d-----w- c:\program files\Sleepy 2009-11-28 18:10 . 2009-12-20 15:06 -------- d-----w- c:\program files\Trend Micro 2009-11-27 06:07 . 2009-11-27 06:07 -------- d-----w- c:\program files\Common Files\xing shared 2009-11-27 06:00 . 2009-11-27 06:01 -------- d-----w- c:\users\Default\AppData\Local\Adobe 2009-11-25 01:41 . 2009-10-29 09:17 2048 ----a-w- c:\windows\system32\tzres.dll 2009-11-25 00:47 . 2009-08-11 16:44 1401856 ----a-w- c:\windows\system32\msxml6.dll 2009-11-25 00:47 . 2009-08-11 16:44 1248768 ----a-w- c:\windows\system32\msxml3.dll . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-12-20 23:13 . 2009-12-20 23:13 55788 ----a-w- c:\programdata\nvModes.dat 2009-12-20 23:01 . 2009-01-05 03:11 1 ----a-w- c:\users\SaMi\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys 2009-12-20 22:57 . 2006-11-02 15:48 503938 ----a-w- c:\windows\system32\perfc00C.dat 2009-12-20 22:57 . 2006-11-02 15:48 1780320 ----a-w- c:\windows\system32\perfh00C.dat 2009-12-20 22:37 . 2009-02-10 18:42 352615 ---ha-w- c:\windows\system32\drivers\vsconfig.xml 2009-12-20 22:33 . 2007-12-10 22:37 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2009-12-20 22:31 . 2008-12-24 03:06 -------- d-----w- c:\program files\Emule049b 2009-12-20 17:10 . 2007-08-24 11:16 -------- d-----w- c:\programdata\Google Updater 2009-12-20 15:26 . 2009-09-24 14:14 19944 ----a-w- c:\windows\system32\drivers\atapi.sys 2009-12-20 04:17 . 2006-12-02 18:49 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-12-20 04:17 . 2006-12-10 10:30 -------- d-----w- c:\program files\Acer Arcade Deluxe 2009-12-20 03:59 . 2007-04-09 15:26 -------- d-----w- c:\program files\Acer Inc 2009-12-19 05:03 . 2008-02-01 22:00 -------- d-----w- c:\program files\eMule 2009-12-17 12:29 . 2009-03-25 15:50 15826810 ----a-w- c:\windows\Internet Logs\tvDebug.zip 2009-12-16 21:36 . 2007-08-26 20:58 -------- d-----w- c:\users\SaMi\AppData\Roaming\dvdcss 2009-12-11 02:43 . 2009-07-15 17:38 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-12-09 13:16 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2009-12-09 13:12 . 2008-05-19 13:32 -------- d-----w- c:\programdata\Microsoft Help 2009-12-06 12:28 . 2009-02-05 15:24 -------- d-----w- c:\program files\Sam Scanner 2009-12-01 23:48 . 2009-02-17 17:37 1356 ----a-w- c:\users\SaMi\AppData\Local\d3d9caps.dat 2009-12-01 20:23 . 2008-01-03 06:46 -------- d-----w- c:\program files\WinImage 2009-12-01 20:21 . 2008-06-27 21:14 -------- d-----w- c:\users\SaMi\AppData\Roaming\Todae 2009-11-29 16:32 . 2009-01-20 07:06 -------- d-----w- c:\users\SaMi\AppData\Roaming\Uniblue 2009-11-28 19:45 . 2007-08-24 11:19 -------- d-----w- c:\program files\Common Files\Adobe 2009-11-27 06:07 . 2007-10-06 00:19 -------- d-----w- c:\program files\Common Files\Real 2009-11-21 06:40 . 2009-12-09 13:00 916480 ----a-w- c:\windows\system32\wininet.dll 2009-11-21 06:34 . 2009-12-09 13:00 109056 ----a-w- c:\windows\system32\iesysprep.dll 2009-11-21 06:34 . 2009-12-09 13:00 71680 ----a-w- c:\windows\system32\iesetup.dll 2009-11-21 04:59 . 2009-12-09 13:00 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2009-11-19 00:55 . 2009-11-08 02:29 -------- d-----w- c:\program files\DIFX 2009-11-19 00:51 . 2009-11-19 00:51 -------- d-----w- c:\program files\Common Files\PCSuite 2009-11-19 00:51 . 2009-11-19 00:51 -------- d-----w- c:\program files\Common Files\Nokia 2009-11-19 00:51 . 2009-11-08 02:19 -------- d-----w- c:\program files\Nokia 2009-11-19 00:46 . 2009-11-19 00:46 -------- d-----w- c:\program files\PC Connectivity Solution 2009-11-19 00:34 . 2008-07-19 17:36 -------- d-----w- c:\programdata\Installations 2009-11-19 00:34 . 2009-11-19 00:35 34503600 ----a-w- c:\programdata\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Nokia_PC_Suite_7_1_40_1_fre.exe 2009-11-19 00:34 . 2009-11-19 00:35 34503600 ----a-w- c:\programdata\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Nokia_PC_Suite_7_1_40_1_fre.exe 2009-11-19 00:34 . 2009-11-19 00:35 34503600 ----a-w- c:\programdata\Application Data\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Nokia_PC_Suite_7_1_40_1_fre.exe 2009-11-19 00:34 . 2009-11-19 00:35 34503600 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Nokia_PC_Suite_7_1_40_1_fre.exe 2009-11-19 00:34 . 2009-11-19 00:35 34503600 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Nokia_PC_Suite_7_1_40_1_fre.exe 2009-11-19 00:34 . 2009-11-19 00:35 34503600 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Nokia_PC_Suite_7_1_40_1_fre.exe 2009-11-19 00:34 . 2009-11-19 00:35 34503600 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Nokia_PC_Suite_7_1_40_1_fre.exe 2009-11-19 00:34 . 2009-11-19 00:35 34503600 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Nokia_PC_Suite_7_1_40_1_fre.exe 2009-11-19 00:34 . 2009-11-19 00:35 34503600 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Nokia_PC_Suite_7_1_40_1_fre.exe 2009-11-19 00:34 . 2009-11-19 00:35 34503600 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Nokia_PC_Suite_7_1_40_1_fre.exe 2009-11-17 19:58 . 2009-11-17 19:58 -------- d-----w- c:\program files\Windows Portable Devices 2009-11-17 19:58 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat 2009-11-17 19:57 . 2009-11-17 19:57 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf 2009-11-17 19:55 . 2009-11-17 19:55 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf 2009-11-14 16:59 . 2009-11-08 02:37 -------- d-----w- c:\users\SaMi\AppData\Roaming\Nokia 2009-11-14 16:59 . 2009-11-08 02:37 -------- d-----w- c:\users\SaMi\AppData\Roaming\PC Suite 2009-11-08 02:45 . 2009-11-08 02:45 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf 2009-11-08 02:44 . 2009-11-08 02:37 -------- d-----w- c:\programdata\PC Suite 2009-11-08 02:44 . 2009-11-08 02:44 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf 2009-11-08 02:01 . 2009-11-08 02:01 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf 2009-11-02 19:42 . 2009-10-03 08:05 195456 ------w- c:\windows\system32\MpSigStub.exe 2009-11-01 22:54 . 2007-08-13 21:02 115160 ----a-w- c:\users\SaMi\AppData\Local\GDIPFONTCACHEV1.DAT 2009-10-22 12:48 . 2008-01-31 20:36 -------- d-----w- c:\users\SaMi\AppData\Roaming\Winamp 2009-10-22 12:45 . 2008-02-12 17:29 -------- d-----w- c:\program files\Pinnacle 2009-10-20 11:33 . 2009-10-22 12:48 545280 ----a-w- c:\users\SaMi\AppData\Roaming\Mozilla\Firefox\Profiles\l52hi599.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe 2009-10-20 11:33 . 2009-10-22 12:48 103424 ----a-w- c:\users\SaMi\AppData\Roaming\Mozilla\Firefox\Profiles\l52hi599.default\extensions\piclens@cooliris.com\libs\pixomatic.dll 2009-10-20 11:33 . 2009-10-22 12:48 4716544 ----a-w- c:\users\SaMi\AppData\Roaming\Mozilla\Firefox\Profiles\l52hi599.default\extensions\piclens@cooliris.com\components\cooliris.dll 2009-10-20 11:33 . 2009-10-22 12:48 344064 ----a-w- c:\users\SaMi\AppData\Roaming\Mozilla\Firefox\Profiles\l52hi599.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe 2009-10-20 11:33 . 2009-10-22 12:48 153600 ----a-w- c:\users\SaMi\AppData\Roaming\Mozilla\Firefox\Profiles\l52hi599.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll 2009-10-08 21:08 . 2009-11-17 18:05 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll 2009-10-08 21:08 . 2009-11-17 18:05 234496 ----a-w- c:\windows\system32\oleacc.dll 2009-10-08 21:07 . 2009-11-17 18:05 4096 ----a-w- c:\windows\system32\oleaccrc.dll 2009-10-06 10:52 . 2008-05-02 09:58 91136 ----a-w- c:\windows\system32\nmwcdcls.dll 2009-10-01 01:02 . 2009-11-17 18:08 2537472 ----a-w- c:\windows\system32\wpdshext.dll 2009-10-01 01:02 . 2009-11-17 18:08 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe 2009-10-01 01:02 . 2009-11-17 18:08 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll 2009-10-01 01:02 . 2009-11-17 18:08 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll 2009-10-01 01:02 . 2009-11-17 18:08 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll 2009-10-01 01:01 . 2009-11-17 18:08 546816 ----a-w- c:\windows\system32\wpd_ci.dll 2009-10-01 01:01 . 2009-11-17 18:08 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll 2009-10-01 01:01 . 2009-11-17 18:08 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll 2009-10-01 01:01 . 2009-11-17 18:08 350208 ----a-w- c:\windows\system32\WPDSp.dll 2009-10-01 01:01 . 2009-11-17 18:08 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll 2009-10-01 01:01 . 2009-11-17 18:08 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll 2009-10-01 01:01 . 2009-11-17 18:08 81920 ----a-w- c:\windows\system32\wpdbusenum.dll 2009-10-01 01:01 . 2009-11-17 18:08 40448 ----a-w- c:\windows\system32\drivers\WpdUsb.sys 2009-10-01 01:01 . 2009-11-17 18:08 226816 ----a-w- c:\windows\system32\WpdMtp.dll 2009-10-01 01:01 . 2009-11-17 18:08 33280 ----a-w- c:\windows\system32\WpdConns.dll 2009-10-01 01:01 . 2009-11-17 18:08 61952 ----a-w- c:\windows\system32\WpdMtpUS.dll 2009-09-25 02:10 . 2009-11-17 18:09 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll 2009-09-25 02:07 . 2009-11-17 18:09 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll 2009-09-25 02:04 . 2009-11-17 18:09 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll 2009-09-25 01:49 . 2009-11-17 18:09 1554432 ----a-w- c:\windows\system32\xpsservices.dll 2009-09-25 01:48 . 2009-11-17 18:09 351232 ----a-w- c:\windows\system32\XpsPrint.dll 2009-09-25 01:38 . 2009-11-17 18:09 847360 ----a-w- c:\windows\system32\OpcServices.dll 2009-09-25 01:36 . 2009-11-17 18:09 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2009-09-25 01:35 . 2009-11-17 18:09 135680 ----a-w- c:\windows\system32\XpsRasterService.dll 2009-09-25 01:33 . 2009-11-17 18:09 195584 ----a-w- c:\windows\system32\dxdiagn.dll 2009-09-25 01:33 . 2009-11-17 18:09 829440 ----a-w- c:\windows\system32\d3d10warp.dll 2009-09-25 01:33 . 2009-11-17 18:09 369664 ----a-w- c:\windows\system32\WMPhoto.dll 2009-09-25 01:32 . 2009-11-17 18:09 252928 ----a-w- c:\windows\system32\dxdiag.exe 2009-09-25 01:31 . 2009-11-17 18:09 519680 ----a-w- c:\windows\system32\d3d11.dll 2009-09-25 01:31 . 2009-11-17 18:09 486912 ----a-w- c:\windows\system32\d3d10level9.dll 2009-09-25 01:31 . 2009-11-17 18:09 161280 ----a-w- c:\windows\system32\d3d10_1.dll 2009-09-25 01:31 . 2009-11-17 18:09 218112 ----a-w- c:\windows\system32\d3d10_1core.dll 2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll 2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll . ------- Sigcheck ------- [-] 2009-12-20 15:26 . B8429E028C08351D63E654B764DA68FA . 19944 . . [------] . . c:\windows\System32\drivers\atapi.sys [7] 2009-04-11 . 1F05B78AB91C9075565A9D8A4B880BC4 . 19944 . . [6.0.6002.18005] . . c:\windows\ERDNT\cache\atapi.sys [7] 2009-04-11 . 1F05B78AB91C9075565A9D8A4B880BC4 . 19944 . . [6.0.6002.18005] . . c:\windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [7] 2008-02-13 . B35CFCEF838382AB6490B321C87EDF17 . 21560 . . [6.0.6000.16632] . . c:\windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys [7] 2008-01-19 . 2D9C903DC76A66813D350A562DE40ED9 . 21560 . . [6.0.6001.18000] . . c:\windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [7] 2006-11-02 . 4F4FCB8B6EA06784FB6D475B7EC7300F . 19048 . . [6.0.6000.16386] . . c:\windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\humnfsoverlay] @="{647E9AF4-DF80-40EF-B7FB-1B1B0C221193}" [HKEY_CLASSES_ROOT\CLSID\{647E9AF4-DF80-40EF-B7FB-1B1B0C221193}] 2005-09-21 06:47 67240 ----a-w- c:\program files\Hummingbird\Connectivity\11.00\NFS Maestro\hcnfsexp.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104] "LMgrOSD"="c:\program files\Launch Manager\OSDCtrl.exe" [2006-08-29 241664] "Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2009-01-20 517768] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024] "USB2Check"="c:\windows\system32\PCLECoInst.dll" [2007-01-23 81920] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-01 13548064] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-01 92704] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) "EnableLUA"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="" [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk] backup=c:\windows\pss\Adobe Gamma.lnk.CommonStartup backupExtension=.CommonStartup
  8. Papillon_des_neiges
    Voici le problème d'antivir, dont le service ne veut pas se lancer : http://www.cijoint.fr/cjlink.php?file=cj20.../cijknENzK5.jpg
  9. Papillon_des_neiges
    Il semble que je sois très infecté, je ne peux même pas faire de point de restauration système : http://www.cijoint.fr/cjlink.php?file=cj20.../cijbo89X7A.jpg
  10. Papillon_des_neiges
    Voici un imprim écran du problème de MAJ : http://www.cijoint.fr/cjlink.php?file=cj20.../cijsMa0HBy.jpg
  11. Papillon_des_neiges
    Remarque 1 : Pour MBAM, je ne peux effectuer de mise à jour ! pourtant, je l'avais déjà installer (puis redésinstaller) et il se mettait très bien à jour. Remarque 2 : il n'y a plus antivir et zonealarm qui se lancent au démarrage !
  12. Papillon_des_neiges
    Merci de me prendre en charge. Voici le copier-coller du "report.txt" : Nom de l'hôte: SAMI Nom du système d'exploitation: Microsoft® Windows Vista™ Édition Familiale Premium Version du système: 6.0.6002 Service Pack 2 version 6002 Fabricant du système d'exploitation: Microsoft Corporation Configuration du système d'exploitation: Station de travail autonome Type de version du système d'exploitation: Multiprocessor Free Propriétaire enregistré: SaMi Organisation enregistrée: Identificateur de produit: 89578-OEM-7216714-99956 Date d'installation originale: 13/08/2007, 20:22:52 Heure de démarrage du système: 19/12/2009, 17:06:05 Fabricant du système: Acer Modèle du système: Aspire 9410 Type du système: X86-based PC Processeur(s): 1 processeur(s) installé(s). [01] : x86 Family 6 Model 14 Stepping 12 GenuineIntel ~1733 MHz Version du BIOS: Phoenix Technologies LTD V1.18 , 25/12/2006 Répertoire Windows: C:\Windows Répertoire système: C:\Windows\system32 Périphérique d'amorçage: \Device\HarddiskVolume2 Option régionale du système: fr;Français (France) Paramètres régionaux d'entrée: fr;Français (France) Fuseau horaire: (GMT+01:00) Bruxelles, Copenhague, Madrid, Paris Mémoire physique totale: 2 045 Mo Mémoire physique disponible: 826 Mo Fichier d'échange : taille maximale: 4 330 Mo Fichier d'échange : disponible: 2 597 Mo Fichier d'échange : en cours d'utilisation: 1 733 Mo Emplacements des fichiers d'échange: C:\pagefile.sys Domaine: WORKGROUP Serveur d'ouverture de session: \\SAMI Correctif(s): 191 Corrections installées. [01]: {8B2F38F1-6D3C-4D87-AD2F-954AF6942800} [02]: KB937286 [03]: KB971513 [04]: KB971512 [05]: KB944036 [06]: 944036 [07]: KB960362 [08]: KB971514 [09]: KB925902 [10]: KB929399 [11]: KB929547 [12]: KB929735 [13]: KB930178 [14]: KB930857 [15]: KB931099 [16]: KB931573 [17]: KB932471 [18]: KB933579 [19]: KB933729 [20]: KB935652 [21]: KB936021 [22]: KB936357 [23]: KB936782 [24]: KB936825 [25]: KB937077 [26]: KB938127 [27]: KB939159 [28]: KB941202 [29]: KB941229 [30]: KB941568 [31]: KB941569 [32]: KB941600 [33]: KB941644 [34]: KB943055 [35]: KB943078 [36]: KB945553 [37]: KB946026 [38]: KB946456 [39]: KB947172 [40]: KB905866 [41]: KB928089 [42]: KB929123 [43]: KB929916 [44]: KB931213 [45]: KB931836 [46]: KB932246 [47]: KB933360 [48]: KB933928 [49]: KB935280 [50]: KB935807 [51]: KB936824 [52]: KB937143 [53]: KB937287 [54]: KB938123 [55]: KB938194 [56]: KB938371 [57]: KB938464 [58]: KB938979 [59]: KB939653 [60]: KB941649 [61]: KB941651 [62]: KB941693 [63]: KB942615 [64]: KB942624 [65]: KB942763 [66]: KB943302 [67]: KB943411 [68]: KB943899 [69]: KB944533 [70]: KB946041 [71]: KB947562 [72]: KB947864 [73]: KB948590 [74]: KB948609 [75]: KB948610 [76]: KB948881 [77]: KB949246 [78]: KB949247 [79]: KB950124 [80]: KB950125 [81]: KB950126 [82]: KB950582 [83]: KB950759 [84]: KB950760 [85]: KB950762 [86]: KB950974 [87]: KB951066 [88]: KB951072 [89]: KB951376 [90]: KB951618 [91]: KB951698 [92]: KB951978 [93]: KB952004 [94]: KB952069 [95]: KB952287 [96]: KB952709 [97]: KB953155 [98]: KB953733 [99]: KB953838 [100]: KB953839 [101]: KB954154 [102]: KB954155 [103]: KB954211 [104]: KB954366 [105]: KB954459 [106]: KB954708 [107]: KB955020 [108]: KB955069 [109]: KB955302 [110]: KB955430 [111]: KB955519 [112]: KB955839 [113]: KB956390 [114]: KB956391 [115]: KB956572 [116]: KB956744 [117]: KB956802 [118]: KB956841 [119]: KB957095 [120]: KB957097 [121]: KB957200 [122]: KB957321 [123]: KB957388 [124]: KB958215 [125]: KB958481 [126]: KB958483 [127]: KB958623 [128]: KB958624 [129]: KB958644 [130]: KB958687 [131]: KB958690 [132]: KB959108 [133]: KB959130 [134]: KB959426 [135]: KB959772 [136]: KB960225 [137]: KB960544 [138]: KB960714 [139]: KB960715 [140]: KB960803 [141]: KB961260 [142]: KB961371 [143]: KB961501 [144]: KB963027 [145]: KB967632 [146]: KB967723 [147]: KB968389 [148]: KB968537 [149]: KB968816 [150]: KB969897 [151]: KB969897 [152]: KB969898 [153]: KB969947 [154]: KB970238 [155]: KB970430 [156]: KB970653 [157]: KB970710 [158]: KB971180 [159]: KB971486 [160]: KB971557 [161]: KB971657 [162]: KB971737 [163]: KB971930 [164]: KB971961 [165]: KB972036 [166]: KB972145 [167]: KB972260 [168]: KB972636 [169]: KB973346 [170]: KB973507 [171]: KB973525 [172]: KB973540 [173]: KB973565 [174]: KB973687 [175]: KB973768 [176]: KB973874 [177]: KB973917 [178]: KB974306 [179]: KB974318 [180]: KB974455 [181]: KB974470 [182]: KB974571 [183]: KB975364 [184]: KB975467 [185]: KB975517 [186]: KB976098 [187]: KB976325 [188]: KB976470 [189]: KB976749 [190]: KB948465 [191]: 940157 Carte(s) réseau: 2 carte(s) réseau installée(s). [01]: Carte réseau Realtek RTL8168/8111 Family PCI-E Gigabit Ethernet (NDIS 6.0) Nom de la connexion : Connexion au réseau local État : Support déconnecté [02]: Carte réseau Broadcom 802.11g Nom de la connexion : Connexion réseau sans fil DHCP activé : Oui Serveur DHCP : 192.168.1.1 Adresse(s) IP [01]: 192.168.1.24 16:21:53:696 4732 ForceUnloadDriver: NtUnloadDriver error 2 16:21:53:709 4732 ForceUnloadDriver: NtUnloadDriver error 2 16:21:53:713 4732 ForceUnloadDriver: NtUnloadDriver error 2 16:21:53:743 4732 main: Driver KLMD successfully dropped 16:22:1:548 4732 main: Driver KLMD successfully loaded 16:22:1:548 4732 Scanning Registry ... 16:22:1:561 4732 ScanServices: Searching service UACd.sys 16:22:1:562 4732 ScanServices: Open/Create key error 2 16:22:1:562 4732 ScanServices: Searching service TDSSserv.sys 16:22:1:562 4732 ScanServices: Open/Create key error 2 16:22:1:562 4732 ScanServices: Searching service gaopdxserv.sys 16:22:1:562 4732 ScanServices: Open/Create key error 2 16:22:1:562 4732 ScanServices: Searching service gxvxcserv.sys 16:22:1:562 4732 ScanServices: Open/Create key error 2 16:22:1:562 4732 ScanServices: Searching service MSIVXserv.sys 16:22:1:562 4732 ScanServices: Open/Create key error 2 16:22:1:567 4732 UnhookRegistry: Kernel module file name: C:\Windows\system32\ntkrnlpa.exe, base addr: 8500C000 16:22:1:703 4732 UnhookRegistry: Kernel local addr: 1E40000 16:22:1:704 4732 UnhookRegistry: KeServiceDescriptorTable addr: 1F77B00 16:22:1:954 4732 UnhookRegistry: KiServiceTable addr: 1EEC82C 16:22:1:954 4732 UnhookRegistry: NtEnumerateKey service number (local): 85 16:22:1:954 4732 UnhookRegistry: NtEnumerateKey local addr: 203D0BA 16:22:1:963 4732 KLMD_OpenDevice: Trying to open KLMD device 16:22:1:963 4732 KLMD_GetSystemRoutineAddressA: Trying to get system routine address ZwEnumerateKey 16:22:1:963 4732 KLMD_GetSystemRoutineAddressW: Trying to get system routine address ZwEnumerateKey 16:22:1:963 4732 KLMD_ReadMem: Trying to ReadMemory 0x85054D19[0x4] 16:22:1:963 4732 UnhookRegistry: NtEnumerateKey service number (kernel): 85 16:22:1:963 4732 KLMD_ReadMem: Trying to ReadMemory 0x850B8A40[0x4] 16:22:1:964 4732 UnhookRegistry: NtEnumerateKey real addr: 852090BA 16:22:1:964 4732 UnhookRegistry: NtEnumerateKey calc addr: 852090BA 16:22:1:964 4732 UnhookRegistry: No SDT hooks found on NtEnumerateKey 16:22:1:964 4732 KLMD_ReadMem: Trying to ReadMemory 0x852090BA[0xA] 16:22:1:964 4732 UnhookRegistry: No splicing found on NtEnumerateKey 16:22:1:969 4732 Scanning Kernel memory ... 16:22:1:969 4732 KLMD_OpenDevice: Trying to open KLMD device 16:22:1:969 4732 KLMD_GetSystemObjectAddressByNameA: Trying to get system object address by name \Driver\Disk 16:22:1:969 4732 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk 16:22:1:969 4732 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 8895EA48 16:22:1:969 4732 DetectCureTDL3: KLMD_GetDeviceObjectList returned 1 DevObjects 16:22:1:969 4732 DetectCureTDL3: 0 Curr stack PDEVICE_OBJECT: 88A61AC8 16:22:1:969 4732 KLMD_GetLowerDeviceObject: Trying to get lower device object for 88A61AC8 16:22:1:969 4732 DetectCureTDL3: 0 Curr stack PDEVICE_OBJECT: 88238918 16:22:1:969 4732 KLMD_GetLowerDeviceObject: Trying to get lower device object for 88238918 16:22:1:969 4732 DetectCureTDL3: 0 Curr stack PDEVICE_OBJECT: 88236030 16:22:1:969 4732 KLMD_GetLowerDeviceObject: Trying to get lower device object for 88236030 16:22:1:969 4732 KLMD_ReadMem: Trying to ReadMemory 0x88236030[0x38] 16:22:1:969 4732 DetectCureTDL3: DRIVER_OBJECT addr: 88227030 16:22:1:970 4732 KLMD_ReadMem: Trying to ReadMemory 0x88227030[0xA8] 16:22:1:970 4732 KLMD_ReadMem: Trying to ReadMemory 0x88202708[0x208] 16:22:1:970 4732 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi 16:22:1:970 4732 DetectCureTDL3: IrpHandler (0) addr: 857DC9B0 16:22:1:970 4732 DetectCureTDL3: IrpHandler (1) addr: 857DC9B0 16:22:1:970 4732 DetectCureTDL3: IrpHandler (2) addr: 857DC9B0 16:22:1:970 4732 DetectCureTDL3: IrpHandler (3) addr: 857DC9B0 16:22:1:970 4732 DetectCureTDL3: IrpHandler (4) addr: 857DC9B0 16:22:1:970 4732 DetectCureTDL3: IrpHandler (5) addr: 857DC9B0 16:22:1:970 4732 DetectCureTDL3: IrpHandler (6) addr: 857DC9B0 16:22:1:970 4732 DetectCureTDL3: IrpHandler (7) addr: 857DC9B0 16:22:1:970 4732 DetectCureTDL3: IrpHandler ( addr: 857DC9B0 16:22:1:970 4732 DetectCureTDL3: IrpHandler (9) addr: 857DC9B0 16:22:1:970 4732 DetectCureTDL3: IrpHandler (10) addr: 857DC9B0 16:22:1:970 4732 DetectCureTDL3: IrpHandler (11) addr: 857DC9B0 16:22:1:970 4732 DetectCureTDL3: IrpHandler (12) addr: 857DC9B0 16:22:1:970 4732 DetectCureTDL3: IrpHandler (13) addr: 857DC9B0 16:22:1:970 4732 DetectCureTDL3: IrpHandler (14) addr: 857DC9B0 16:22:1:970 4732 DetectCureTDL3: IrpHandler (15) addr: 857DC9B0 16:22:1:970 4732 DetectCureTDL3: IrpHandler (16) addr: 857DC9B0 16:22:1:970 4732 DetectCureTDL3: IrpHandler (17) addr: 857DC9B0 16:22:1:970 4732 DetectCureTDL3: IrpHandler (18) addr: 857DC9B0 16:22:1:970 4732 DetectCureTDL3: IrpHandler (19) addr: 857DC9B0 16:22:1:970 4732 DetectCureTDL3: IrpHandler (20) addr: 857DC9B0 16:22:1:970 4732 DetectCureTDL3: IrpHandler (21) addr: 857DC9B0 16:22:1:970 4732 DetectCureTDL3: IrpHandler (22) addr: 857DC9B0 16:22:1:971 4732 DetectCureTDL3: IrpHandler (23) addr: 857DC9B0 16:22:1:971 4732 DetectCureTDL3: IrpHandler (24) addr: 857DC9B0 16:22:1:971 4732 DetectCureTDL3: IrpHandler (25) addr: 857DC9B0 16:22:1:971 4732 DetectCureTDL3: IrpHandler (26) addr: 857DC9B0 16:22:1:971 4732 DetectCureTDL3: All IRP handlers pointed to one addr: 857DC9B0 16:22:1:971 4732 KLMD_ReadMem: Trying to ReadMemory 0x857DC9B0[0x400] 16:22:1:971 4732 TDL3_IrpHookDetect: TDL3 Stub signature found, trying to get hook true addr 16:22:1:971 4732 KLMD_ReadMem: Trying to ReadMemory 0xFFDF0308[0x4] 16:22:1:971 4732 KLMD_ReadMem: Trying to ReadMemory 0x8822788C[0x4] 16:22:1:971 4732 TDL3_IrpHookDetect: New IrpHandler addr: 89CB3F61 16:22:1:971 4732 KLMD_ReadMem: Trying to ReadMemory 0x89CB3F61[0x400] 16:22:1:971 4732 TDL3_IrpHookDetect: CheckParameters: 10, FFDF0308, 510, 134, 3, 120 16:22:1:971 4732 Driver "atapi" Irp handler infected by TDSS rootkit ... 16:22:1:971 4732 KLMD_WriteMem: Trying to WriteMemory 0x89CB3FE7[0xD] 16:22:1:971 4732 cured 16:22:1:972 4732 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400] 16:22:1:972 4732 KLMD_ReadMem: DeviceIoControl error 1 16:22:1:972 4732 TDL3_StartIoHookDetect: Unable to get StartIo handler code 16:22:1:972 4732 TDL3_FileDetect: Processing driver: atapi 16:22:1:972 4732 TDL3_FileDetect: Parameters: C:\Windows\system32\drivers\atapi.sys, C:\Windows\system32\Drivers\tsk_atapi.sys, SYSTEM\CurrentControlSet\Services\atapi, system32\Drivers\tsk_atapi.sys 16:22:1:972 4732 TDL3_FileDetect: Processing driver file: C:\Windows\system32\drivers\atapi.sys 16:22:1:972 4732 KLMD_CreateFileW: Trying to open file C:\Windows\system32\drivers\atapi.sys 16:22:2:32 4732 File C:\Windows\system32\drivers\atapi.sys infected by TDSS rootkit ... 16:22:2:33 4732 TDL3_FileCure: Processing driver file: C:\Windows\system32\drivers\atapi.sys 16:22:2:33 4732 KLMD_CreateFileW: Trying to open file C:\Windows\system32\drivers\atapi.sys 16:22:2:50 4732 TDL3_FileCure: Dumping cured buffer to file C:\Windows\system32\Drivers\tsk_atapi.sys 16:22:2:240 4732 TDL3_FileCure: Image path (system32\Drivers\tsk_atapi.sys) was set for service (SYSTEM\CurrentControlSet\Services\atapi) 16:22:2:240 4732 TDL3_FileCure: KLMD_PendCopyFileW (C:\Windows\system32\Drivers\tsk_atapi.sys, C:\Windows\system32\drivers\atapi.sys) success 16:22:2:240 4732 will be cured on next reboot 16:22:2:259 4732 Completed Results: 16:22:2:259 4732 Infected objects in memory: 1 16:22:2:259 4732 Cured objects in memory: 1 16:22:2:260 4732 Infected objects on disk: 1 16:22:2:260 4732 Objects on disk cured on reboot: 1 16:22:2:260 4732 Objects on disk deleted on reboot: 0 16:22:2:260 4732 Registry nodes deleted on reboot: 0 16:22:2:260 4732
  13. Papillon_des_neiges
    Oups, le nom du cheval de troie est en fait TR/Vundo.Gen
  14. Papillon_des_neiges
    Je vous joins mon rapport d'hijackthis, exécuté à l'instant : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:54:42, on 19/12/2009 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18865) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Launch Manager\OSDCtrl.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Windows\ehome\ehtray.exe C:\Windows\ehome\ehmsas.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\explorer.exe C:\Program Files\Windows Mail\WinMail.exe C:\Users\SaMi\Desktop\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer\NXIEHelper.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Xi\NetXfer\NXToolBar.dll O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe" O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [uSB2Check] RUNDLL32.EXE "C:\Windows\system32\PCLECoInst.dll",CheckUSBController O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - Global Startup: Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://D:\Free Download Manager\dlall.htm O8 - Extra context menu item: Tout télécharger avec NetXfer - C:\Program Files\Xi\NetXfer\NXAddList.html O8 - Extra context menu item: Télécharger avec Free Download Manager - file://D:\Free Download Manager\dllink.htm O8 - Extra context menu item: Télécharger avec NetXfer - C:\Program Files\Xi\NetXfer\NXAddLink.html O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://D:\Free Download Manager\dlselected.htm O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://D:\Free Download Manager\dlfvideo.htm O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\program files\hummingbird\connectivity\11.00\exceed\humshmx.dll O10 - Unknown file in Winsock LSP: c:\program files\hummingbird\connectivity\11.00\exceed\humshmx.dll O10 - Unknown file in Winsock LSP: c:\program files\hummingbird\connectivity\11.00\exceed\humshmx.dll O15 - Trusted Zone: http://www.tellmemorecampus.com O15 - Trusted Zone: http://www3.tellmemorecampus.com O15 - Trusted Zone: http://www.tellmemorecampus.com (HKLM) O15 - Trusted Zone: http://www3.tellmemorecampus.com (HKLM) O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file) O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: Backbone Service (BBDemon) - Dassault Systemes - C:\Program Files\Dassault Systemes\B16\intel_a\code\bin\CATSysDemon.exe O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe O23 - Service: Service Google Update (gupdate1c9d6f5d4e428f5) (gupdate1c9d6f5d4e428f5) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\Windows\system32\drivers\pclepci.sys O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- End of file - 8546 bytes
  15. Papillon_des_neiges
    Bonjour, Tout d'abord, voici ma configuration : - Système d'exploitation : Vista Edition Familiale Premium - Version SP2 - Antivirus : Avira Antivir Personal - Firewall : ZoneAlarm - Navigateur Internet : Mozilla Firefox Et voici les détails de mon problème : je suis infecté depuis maintenant trois semaines par Vundo/Gen et je n'arrive pas à en venir à bout. Le principal fichier infecté est C:\Windows\System32\tdlcmd.dll. Antivir n'arrête pas de le détecter (parfois toutes les 5 secondes) mais aucune de mes démarches suivies à la suite de lecture de forum sur le sujet n'a marché, alors je m'en remet à vous. Merci par avance de tout ce que vous entreprendrez pour m'aider.
×
×
  • Créer...