

thib1984
Security scans crash my system
thib1984 replied to a topic by thib1984 in Malware analysis and removal
Did I discourage you? Which would be understandable.... Now, I could also format my PC, but my 'case' might be useful to someone else... You never know.
Security scans crash my system
thib1984 replied to a topic by thib1984 in Malware analysis and removal
Damn, I thought I had found a potential source of my problems... Hmm, and the 'hooked' messages, what do they mean (just for information)? Is it related to a hardware problem?
Security scans crash my system
thib1984 replied to a topic by thib1984 in Malware analysis and removal
Good evening, here is the report:

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2010/04/24 19:55
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xEB467000
Size: 49152
File Visible: No
Signed: -
Status: -

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "cfrmd.sys" at address 0xf73cb82e

#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0xf7b9dd7c

#: 063 Function Name: NtDeleteKey
Status: Hooked by "cfrmd.sys" at address 0xf73cc53a

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "cfrmd.sys" at address 0xf73cbf4e

#: 098 Function Name: NtLoadKey
Status: Hooked by "<unknown>" at address 0xf7b9dd9a

#: 119 Function Name: NtOpenKey
Status: Hooked by "cfrmd.sys" at address 0xf73cbacc

#: 122 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0xf7b9dd68

#: 128 Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0xf7b9dd6d

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "cfrmd.sys" at address 0xf73cbd52

#: 193 Function Name: NtReplaceKey
Status: Hooked by "<unknown>" at address 0xf7b9dda4

#: 204 Function Name: NtRestoreKey
Status: Hooked by "<unknown>" at address 0xf7b9dd9f

#: 247 Function Name: NtSetValueKey
Status: Hooked by "cfrmd.sys" at address 0xf73cc2ca

==EOF==

There's stuff, there's stuff (but I don't understand any of it). PS: would it be useful for me to change the title of my topic, since in the end it isn't only the scans that bring my PC to its knees...? Thanks again
Security scans crash my system
thib1984 replied to a topic by thib1984 in Malware analysis and removal
And here is the report.... Nothing

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Completed script processing.

*******************

Finished! Terminate.
Security scans crash my system
thib1984 replied to a topic by thib1984 in Malware analysis and removal
Here is the report. At the point I'm at, I think we can be overzealous and remove anything that looks suspicious to you. Note that in safe mode, a scan, a transfer or anything else also ends up crashing.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-24 12:48:09
Windows 5.1.2600 Service Pack 3
Running: 8yeorvvu.exe; Driver: C:\pwldrpoc.sys

---- System - GMER 1.0.15 ----

SSDT  cfrmd.sys (COMODO Safe Delete Filter/COMODO Security Solutions Inc.)  ZwCreateKey [0xF73CB82E]
SSDT  F7B9F20C  ZwCreateThread
SSDT  cfrmd.sys (COMODO Safe Delete Filter/COMODO Security Solutions Inc.)  ZwDeleteKey [0xF73CC53A]
SSDT  cfrmd.sys (COMODO Safe Delete Filter/COMODO Security Solutions Inc.)  ZwDeleteValueKey [0xF73CBF4E]
SSDT  F7B9F22A  ZwLoadKey
SSDT  cfrmd.sys (COMODO Safe Delete Filter/COMODO Security Solutions Inc.)  ZwOpenKey [0xF73CBACC]
SSDT  F7B9F1F8  ZwOpenProcess
SSDT  F7B9F1FD  ZwOpenThread
SSDT  cfrmd.sys (COMODO Safe Delete Filter/COMODO Security Solutions Inc.)  ZwQueryValueKey [0xF73CBD52]
SSDT  F7B9F234  ZwReplaceKey
SSDT  F7B9F22F  ZwRestoreKey
SSDT  cfrmd.sys (COMODO Safe Delete Filter/COMODO Security Solutions Inc.)  ZwSetValueKey [0xF73CC2CA]

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs  cfrmd.sys (COMODO Safe Delete Filter/COMODO Security Solutions Inc.)
AttachedDevice  \FileSystem\Fastfat \Fat  cfrmd.sys (COMODO Safe Delete Filter/COMODO Security Solutions Inc.)
AttachedDevice  \FileSystem\Fastfat \Fat  fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
Security scans crash my system
thib1984 replied to a topic by thib1984 in Malware analysis and removal
Here is what AntiVir gives me before it crashes along with the rest of the PC:
1457 Scanned directories
41778 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
41778 Files not concerned
397 Archives were scanned
0 Warnings
0 Notes
218224 Objects were scanned with rootkit scan
12 Hidden objects were found

12 hidden objects... is that serious?
Security scans crash my system
thib1984 replied to a topic by thib1984 in Malware analysis and removal
Allow me to bump this; I'll have time this weekend to run the tests you recommend... I'm thinking of formatting the PC, but that would be a cop-out, wouldn't it?
Security scans crash my system
thib1984 replied to a topic by thib1984 in Malware analysis and removal
Thanks for the advice. As it happens, I had already applied quite a few of them... My programs are, when the installer lets me, installed on the second hard drive. My documents, my temp folders and Software Distribution (using the junction.exe program, I don't know if you know it, which allows symbolic links) are placed on the third (an SD card). On C, I only have the Windows folder, Documents and Settings (without My Documents), and a few programs. In short, as far as space goes, I did the best I could. I'm starting to wonder whether the problem might be hardware, or driver-related.
Security scans crash my system
thib1984 replied to a topic by thib1984 in Malware analysis and removal
ComboFix is uninstalled. I'm going to try reinstalling my old drivers and BIOS... No XP Home CD (I have a Pro one, but that is therefore not the right version). As for space, these are the SSDs of an Eee PC, so 4 GB/8 GB (2 disks). I have 1 GB/3 GB left (respectively). Thanks for your help... I await your reply.
Security scans crash my system
thib1984 replied to a topic by thib1984 in Malware analysis and removal
The first pass was a half-failure. While the log was being prepared, several error messages: "The application failed to initialize properly. Click OK to terminate it" (about the ComboFix processes, then Notepad). On the next boot, AntiVir told me it had blocked the autorun.inf of my C drive. The first ComboFix log gives me this; I decide to run another pass.
So I ran ComboFix again, this time with no bug. New log file.
Is that a good sign?

EDIT: not a good sign. AntiVir scan (to see). It freezes as usual.
Security scans crash my system
thib1984 replied to a topic by thib1984 in Malware scans and removal
The first change has been made; scans and transfers keep crashing (worse, the last two ended with the screen going off + a reboot, without my asking for it).

Here is the DaonolFix search log:

DaonolFix (15.04.09) by jpshortstuff
Log created at 12:39 on 14/04/2010 by thib1984
Running from C:\Documents and Settings\thib1984\Bureau\DaonolFix(2).exe

=====Find Daonol=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"aux"="wdmaud.drv"
"midi"="wdmaud.drv"
"midi1"="wdmaud.drv"
"midi2"="wdmaud.drv"
"midi3"="wdmaud.drv"
"midimapper"="midimap.dll"
"mixer"="wdmaud.drv"
"mixer1"="wdmaud.drv"
"mixer2"="wdmaud.drv"
"mixer3"="wdmaud.drv"
"msacm.iac2"="C:\WINDOWS\system32\iac25_32.ax"
"msacm.imaadpcm"="imaadp32.acm"
"msacm.l3acm"="C:\WINDOWS\system32\l3codeca.acm"
"msacm.msadpcm"="msadp32.acm"
"msacm.msaudio1"="msaud32.acm"
"msacm.msg711"="msg711.acm"
"msacm.msgsm610"="msgsm32.acm"
"msacm.sl_anet"="sl_anet.acm"
"msacm.trspch"="tssoft32.acm"
"MSVideo8"="VfWWDM32.dll"
"vidc.cvid"="iccvid.dll"
"VIDC.I420"="msh263.drv"
"vidc.iv31"="ir32_32.dll"
"vidc.iv32"="ir32_32.dll"
"vidc.iv41"="ir41_32.ax"
"vidc.iv50"="ir50_32.dll"
"VIDC.IYUV"="iyuv_32.dll"
"vidc.mrle"="msrle32.dll"
"vidc.msvc"="msvidc32.dll"
"VIDC.UYVY"="msyuv.dll"
"VIDC.YUY2"="msyuv.dll"
"VIDC.YVU9"="tsbyuv.dll"
"VIDC.YVYU"="msyuv.dll"
"wave"="wdmaud.drv"
"wave1"="wdmaud.drv"
"wave2"="wdmaud.drv"
"wave3"="wdmaud.drv"
"wavemapper"="msacm32.drv"

-=Daonol Files=-
(none found)

-=End Of File=-
Security scans crash my system
thib1984 replied to a topic by thib1984 in Malware scans and removal
Hello, and glad I haven't discouraged you... I'm keeping hope...

Here is the report (the warning doesn't indicate anything serious?):

***************************************************************
Running from: C:\Documents and Settings\thib1984\Bureau\Win32kDiag.exe
Log file at : C:\Documents and Settings\thib1984\Bureau\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...

Finished!
***************************************************************
Security scans crash my system
thib1984 replied to a topic by thib1984 in Malware scans and removal
Hello,

Here is the report. I didn't delete anything. No rootkit, I think. Was I supposed to delete everything?

However, the PC doesn't crash only with MBAM, but also with AntiVir, Kaspersky removal tool, or even a transfer of a large batch of files....

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-14 07:30:01
Windows 5.1.2600 Service Pack 3
Running: vzfxzluu.exe; Driver: E:\Temp\pwldrpoc.sys

---- System - GMER 1.0.15 ----

SSDT cfrmd.sys (COMODO Safe Delete Filter/COMODO Security Solutions Inc.) ZwCreateKey [0xF73DD82E]
SSDT F7B9E24C ZwCreateThread
SSDT cfrmd.sys (COMODO Safe Delete Filter/COMODO Security Solutions Inc.) ZwDeleteKey [0xF73DE53A]
SSDT cfrmd.sys (COMODO Safe Delete Filter/COMODO Security Solutions Inc.) ZwDeleteValueKey [0xF73DDF4E]
SSDT F7B9E26A ZwLoadKey
SSDT cfrmd.sys (COMODO Safe Delete Filter/COMODO Security Solutions Inc.) ZwOpenKey [0xF73DDACC]
SSDT F7B9E238 ZwOpenProcess
SSDT F7B9E23D ZwOpenThread
SSDT cfrmd.sys (COMODO Safe Delete Filter/COMODO Security Solutions Inc.) ZwQueryValueKey [0xF73DDD52]
SSDT F7B9E274 ZwReplaceKey
SSDT F7B9E26F ZwRestoreKey
SSDT cfrmd.sys (COMODO Safe Delete Filter/COMODO Security Solutions Inc.) ZwSetValueKey [0xF73DE2CA]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs cfrmd.sys (COMODO Safe Delete Filter/COMODO Security Solutions Inc.)
AttachedDevice \FileSystem\Fastfat \Fat cfrmd.sys (COMODO Safe Delete Filter/COMODO Security Solutions Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
Security scans crash my system
thib1984 replied to a topic by thib1984 in Malware scans and removal
Good evening, and thanks again for your precious help...

Unfortunately things aren't improving.

The first of the two programs (load_tdsskiller) finds nothing (the command prompt shows 0 infected files) but, more surprisingly, the log file is empty Oo'. Notepad opens empty, nothing in C:\tdsskiller\report.txt (that file doesn't even exist...).

The second program (rkill.com) finds nothing either, but gives me a proper log file:

*********************************************************
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Ran as thib1984 on 13/04/2010 at 19:30:06.

Processes terminated by Rkill or while it was running:

C:\Documents and Settings\thib1984\Bureau\rkill.com

Rkill completed on 13/04/2010 at 19:30:11.
**********************************************************

Uninstalling, reinstalling and scanning with MBAM now ends as usual (PC more or less frozen).

New: when I copy-paste a large batch of data (several thousand images), the copy stops with the error message "Ressources système insuffisantes pour terminer le service demandé" and the symptoms that follow are the same as usual...

Thanks again for your help
Security scans crash my system
thib1984 replied to a topic by thib1984 in Malware scans and removal
Personal initiative: I tested the AntiVir Rescue CD... Two pieces of news:
- it finds nothing...
- it manages to scan all the hard drives without freezing...

I understand less and less....