
Hige

Members
  • Content count: 20

Hige's Achievements

Junior Member (3/12)

Community reputation: 0

  1. Hello, I fixed the slowdown problem by installing FF7, which has just been released, and everything seems to be working fine. I was also able to delete the stubborn files with Security Configuration Manager. To conclude, I can't say anything more than a very big thank you for the help provided. Thank you very much.
  2. Thanks for the Mozilla tip, but am I at risk of losing all my bookmarks? I know I can re-download the extensions, but I'd like not to lose any of my links. As for the files, yes, even in safe mode I can't delete them; I still get this message: "Impossible de supprimer xxxxx:acces refuse. Verifier que le disque n'est pas plein ou protege en ecriture et que le fichier n'est pas utilisé actuellement." And on right-click I don't have a Security tab, only: General, Program, Font, Memory, Screen, Misc, Compatibility (both in my session and in safe mode). Edit: after creating the new profile, the situation is the same.
  3. It seems to be OK, apart from a very severe slowdown of Firefox that didn't exist before, and the GMER files that I can't delete from the desktop (the ones the virus had blocked).
  4. Voici le rapport,etrangement cette fois il n'a pas bloqué a la creation du point de restauration. ComboFix 11-09-24.04 - Archangel 24/09/2011 23:02:51.2.3 - x86 Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.3325.2810 [GMT 2:00] Lancé depuis: c:\documents and settings\Archangel\Bureau\ComboFix.exe AV: Kaspersky PURE *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0} AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF} FW: Kaspersky PURE *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0} . . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\Archangel\Application Data\FFSJ c:\documents and settings\Archangel\Application Data\FFSJ\FFSJ.cfg c:\documents and settings\Archangel\Application Data\OfferBox c:\documents and settings\Archangel\Application Data\OfferBox\config.dat c:\documents and settings\Archangel\Application Data\OfferBox\config.xml c:\documents and settings\Archangel\WINDOWS c:\program files\OfferBox c:\windows\3625100665 c:\windows\system32\404Fix.exe c:\windows\system32\Agent.OMZ.Fix.exe c:\windows\system32\d3d9caps.dat c:\windows\system32\dumphive.exe c:\windows\system32\IEDFix.C.exe c:\windows\system32\IEDFix.exe c:\windows\system32\o4Patch.exe c:\windows\system32\Process.exe c:\windows\system32\SrchSTS.exe c:\windows\system32\tmp.reg c:\windows\system32\VACFix.exe c:\windows\system32\VCCLSID.exe c:\windows\system32\win.ini c:\windows\system32\WS2Fix.exe . . ((((((((((((((((((((((((((((( Fichiers créés du 2011-08-24 au 2011-09-24 )))))))))))))))))))))))))))))))))))) . . 2011-09-24 17:18 . 2011-09-24 19:23 115369 ----a-w- c:\windows\system32\drivers\klin.dat 2011-09-24 17:18 . 2011-09-24 19:23 97961 ----a-w- c:\windows\system32\drivers\klick.dat 2011-09-24 17:17 . 2011-09-24 17:17 -------- d-----w- c:\program files\Fichiers communs\InfoWatch 2011-09-24 17:17 . 
2011-09-24 20:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab 2011-09-24 17:17 . 2011-09-24 17:17 -------- d-----w- c:\program files\Kaspersky Lab 2011-09-24 17:15 . 2011-09-24 17:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files 2011-09-24 09:01 . 2007-01-18 12:00 3968 ----a-w- c:\windows\system32\drivers\AvgArCln.sys 2011-09-23 20:46 . 2009-12-14 10:44 39352 ----a-w- c:\windows\system32\drivers\CSVirtualDiskDrv.sys 2011-09-23 20:46 . 2009-12-14 10:44 88632 ----a-w- c:\windows\system32\drivers\CSCrySec.sys 2011-09-23 19:16 . 2011-09-23 20:20 -------- d-----w- c:\program files\ESET 2011-09-23 00:34 . 2011-08-18 13:25 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys 2011-09-22 23:37 . 2011-08-31 15:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-09-22 23:16 . 2011-09-20 11:11 133208 ----a-w- c:\windows\system32\drivers\88176713.sys 2011-09-22 23:12 . 2011-09-23 00:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft 2011-09-22 11:17 . 2011-09-22 11:16 401408 ----a-w- c:\windows\system32\CF4844.exe 2011-09-22 11:14 . 2011-09-22 11:14 -------- d-----w- c:\program files\trend micro 2011-09-22 07:41 . 2011-09-21 07:13 570368 ----a-w- C:\RogueKiller.exe 2011-09-22 07:41 . 2011-09-21 07:36 9852544 ----a-w- C:\malwarebytes-anti-malware_malwarebytes_anti-malware_1.51.2.1300_francais_215092.exe 2011-09-22 07:41 . 2011-09-21 06:55 10268672 ----a-w- C:\ad-aware_ad-aware_free_9.5_francais_12797.msi 2011-09-22 07:40 . 2011-09-21 06:57 124516544 ----a-w- C:\pure9.1.0.124fr.exe 2011-09-21 07:54 . 2011-09-21 07:51 409449 ----a-w- C:\rstassociations.scr 2011-09-20 22:42 . 2011-09-20 22:42 -------- d-----w- c:\program files\Common Files 2011-09-20 21:54 . 2011-09-23 17:24 -------- d-----w- C:\rsit 2011-09-20 10:34 . 2011-09-20 10:34 -------- d-----w- c:\documents and settings\Archangel\Application Data\Tific 2011-09-20 10:34 . 
2011-09-20 10:34 -------- d-----w- c:\documents and settings\Archangel\Local Settings\Application Data\Symantec 2011-09-20 10:20 . 2011-09-20 22:35 -------- d-----w- c:\program files\Fichiers communs\Symantec Shared 2011-09-20 10:19 . 2011-09-20 10:19 -------- d-----w- c:\program files\Windows Sidebar 2011-09-20 10:19 . 2011-09-20 22:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton 2011-09-20 10:15 . 2011-09-20 10:15 -------- d-s---w- c:\documents and settings\NetworkService\UserData 2011-09-12 15:10 . 2011-09-12 15:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Nikon 2011-08-29 22:14 . 2011-08-29 22:14 -------- d-----w- c:\documents and settings\LocalService\Bureau 2011-08-27 14:50 . 2007-06-11 09:20 231936 ----a-w- c:\windows\system32\FusionReg.dll 2011-08-27 14:49 . 2004-04-18 21:39 172032 ----a-w- c:\program files\Fichiers communs\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll 2011-08-27 14:49 . 2004-04-18 21:39 266240 ----a-w- c:\program files\Fichiers communs\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll 2011-08-27 14:49 . 2004-04-18 21:42 733184 ----a-w- c:\program files\Fichiers communs\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll 2011-08-27 14:49 . 2004-04-18 21:40 69715 ----a-w- c:\program files\Fichiers communs\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll 2011-08-27 14:49 . 2004-04-18 21:39 5632 ----a-w- c:\program files\Fichiers communs\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe 2011-08-27 14:49 . 2011-08-27 14:49 303236 ----a-w- c:\program files\Fichiers communs\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll 2011-08-27 14:49 . 2011-08-27 14:49 180356 ----a-w- c:\program files\Fichiers communs\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll . . . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2011-09-24 20:54 . 
2009-05-30 17:51 16608 ----a-w- c:\windows\gdrv.sys 2011-09-10 22:02 . 2010-04-29 19:22 57344 ----a-r- c:\documents and settings\Archangel\Application Data\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe 2011-09-01 11:29 . 2010-12-31 21:13 31552 ----a-w- c:\windows\system32\TURegOpt.exe 2011-09-01 11:19 . 2011-08-23 07:58 29504 ----a-w- c:\windows\system32\uxtuneup.dll 2011-08-10 14:52 . 2011-05-31 06:28 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-07-17 15:52 . 2011-07-17 16:00 29480 ----a-w- c:\windows\system32\msxml3a.dll 2011-07-17 15:52 . 2006-09-25 15:39 353576 ----a-w- c:\windows\system32\msvcr71.dll 2011-07-17 15:52 . 2009-11-19 23:33 505128 ----a-w- c:\windows\system32\msvcp71.dll 2006-05-03 10:06 163328 --sha-r- c:\windows\system32\flvDX.dll 2007-02-21 11:47 31232 --sha-r- c:\windows\system32\msfDX.dll 2008-03-16 13:30 216064 --sha-r- c:\windows\system32\nbDX.dll . . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Archangel\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Archangel\Application Data\Dropbox\bin\DropboxExt.14.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Archangel\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Archangel\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon] @="{dd230880-495a-11d1-b064-008048ec2fc5}" [HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}] 2010-10-01 20:05 129624 ----a-w- c:\program files\Kaspersky Lab\Kaspersky PURE\shellex.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-08-02 399736] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"="RTHDCPL.EXE" [2008-12-26 18081280] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-26 98304] "AVP"="c:\program files\Kaspersky Lab\Kaspersky PURE\avp.exe" [2010-10-01 348760] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] "DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2008-11-03 435096] . c:\documents and settings\Archangel\Menu D‚marrer\Programmes\D‚marrage\ Dropbox.lnk - c:\documents and settings\Archangel\Application Data\Dropbox\bin\Dropbox.exe [2011-5-25 24176560] . 
c:\documents and settings\Archangel\Menu D‚marrer\Programmes\D‚marrage\ Dropbox.lnk - c:\documents and settings\Archangel\Application Data\Dropbox\bin\Dropbox.exe [2011-5-25 24176560] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Air Mouse.lnk] path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Air Mouse.lnk backup=c:\windows\pss\Air Mouse.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^Archangel^Menu Démarrer^Programmes^Démarrage^Dropbox.lnk] path=c:\documents and settings\Archangel\Menu Démarrer\Programmes\Démarrage\Dropbox.lnk backup=c:\windows\pss\Dropbox.lnkStartup . [HKLM\~\startupfolder\C:^Documents and Settings^Archangel^Menu Démarrer^Programmes^Démarrage^MagicDisc.lnk] path=c:\documents and settings\Archangel\Menu Démarrer\Programmes\Démarrage\MagicDisc.lnk backup=c:\windows\pss\MagicDisc.lnkStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2011-03-30 04:59 937920 ----a-r- c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2011-06-08 04:02 37296 ----a-w- p:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AirVideoServer] 2010-09-22 01:03 4923784 ----a-w- p:\program files\AirVideoServer\AirVideoServer.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion] 2010-04-02 07:11 75048 ------w- c:\program files\Cyberlink\Shared files\brs.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] 2010-04-01 09:16 357696 ----a-w- p:\program files\DAEMON Tools Lite\DTLite.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate] 2010-09-16 20:04 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyTuneVI] 2007-07-26 13:05 20480 ----a-w- c:\program files\Gigabyte\ET6\ETcall.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GBTUpd] 2008-04-03 08:01 297480 ----a-w- c:\program files\Gigabyte\GBTUpd\PreRun.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] 2011-08-12 20:52 136176 ----atw- c:\documents and settings\Archangel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent] 2006-11-13 12:07 1289000 ----a-w- p:\program files\Microsoft ActiveSync\wcescomm.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HD Tune] 2008-02-09 13:17 401408 ----a-w- p:\progra~1\HDTUNE~1\HDTune.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] 2005-02-17 05:15 221184 ----a-w- c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] 2005-02-17 05:15 81920 ----a-w- c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2011-06-07 15:51 421160 ----a-w- p:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup] 2007-03-20 06:36 36864 ------r- c:\windows\RaidTool\xInsIDE.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware] 2011-08-31 15:00 449608 ----a-w- p:\program files\Malwarebytes' Anti-Malware\mbamgui.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2008-04-13 17:34 1695232 ------w- c:\program files\Messenger\msmsgs.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nikon Message Center 2] 2010-05-25 17:16 619008 ----a-w- c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl10] 2010-02-02 22:08 87336 ------w- p:\program files\CyberLink\PowerDVD10\PowerDVD10\PDVD10Serv.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smart Backup] 2008-10-07 03:46 10762240 ----a-r- c:\program files\SmartBackup\SmartBackupSetup.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer] 2009-03-05 14:07 2260480 --sha-r- p:\program files\Spybot - Search & Destroy\TeaTimer.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] 2011-03-22 18:37 74752 ----a-w- p:\program files\Winamp\winampa.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "WiselinkPro"=2 (0x2) "helpsvc"=2 (0x2) "Apple Mobile Device"=2 (0x2) "ekrn"=2 (0x2) "EhttpSrv"=3 (0x3) . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "H/PC Connection Agent"="p:\program files\Microsoft ActiveSync\wcescomm.exe" "CTFMON.EXE"=c:\windows\system32\ctfmon.exe "MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "tray3"=c:\windows\system32\RecvMessage.exe "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" "MSConfig"=c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto "iTunesHelper"="p:\program files\iTunes\iTunesHelper.exe" "ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) "DisableNotifications"= 1 (0x1) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "p:\\Program Files\\uTorrent\\uTorrent.exe"= "p:\program files\Microsoft ActiveSync\rapimgr.exe"= p:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "p:\program files\Microsoft ActiveSync\wcescomm.exe"= p:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "p:\program files\Microsoft ActiveSync\WCESMgr.exe"= p:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\WINDOWS\\system32\\RecvMessage.exe"= "c:\\Program Files\\Gigabyte\\GBTUpd\\RunUpd.exe"= "p:\\sysreset\\mirc.exe"= "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"= "p:\\Program Files\\devolo\\informer\\devinf.exe"= "p:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Documents and Settings\\Archangel\\Application Data\\Dropbox\\bin\\Dropbox.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "p:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service . R0 88176713;88176713;c:\windows\system32\drivers\88176713.sys [23/09/2011 01:16 133208] R0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\drivers\CSCrySec.sys [23/09/2011 22:46 88632] R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [05/06/2009 19:06 39472] R0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [14/10/2009 21:18 36880] R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [23/09/2011 02:34 64512] R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\drivers\CSVirtualDiskDrv.sys [23/09/2011 22:46 39352] R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2011/07/17 18:01];p:\program files\CyberLink\PowerDVD10\PowerDVD10\NavFilter\000.fcl [02/04/2010 09:11 87536] R2 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\essvr.exe [30/05/2009 20:09 68136] R2 LF30FS;LF30FS;c:\program files\Everstrike Software\Lock Folder XP 3.6\LF30XP.sys [19/11/2004 18:07 101488] R2 NPF_devolo;NetGroup Packet Filter Driver (devolo);c:\windows\system32\drivers\npf_devolo.sys [28/11/2008 15:34 35840] R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;p:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [01/09/2011 13:24 1526080] R3 AirDisplay;Air Display Support;c:\windows\system32\drivers\AVVideoCard.sys [14/04/2011 14:26 15984] R3 AirDisplayMirror;Air Display Mirror Support;c:\windows\system32\drivers\AVVideoCardMirror.sys [14/04/2011 14:26 15984] R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [14/09/2009 14:42 32272] R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02/10/2009 19:39 19472] R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;p:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [07/10/2010 13:34 10064] 
S1 MpKsl078d3c29;MpKsl078d3c29;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0ADA08DA-09A8-4BAE-9A93-3AE5462EEBEB}\MpKsl078d3c29.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0ADA08DA-09A8-4BAE-9A93-3AE5462EEBEB}\MpKsl078d3c29.sys [?] S1 MpKsl0e2ee768;MpKsl0e2ee768;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CF5D3B24-60E0-4E46-8619-7F71FAD5D5D3}\MpKsl0e2ee768.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CF5D3B24-60E0-4E46-8619-7F71FAD5D5D3}\MpKsl0e2ee768.sys [?] S1 MpKsl0f3bcbf4;MpKsl0f3bcbf4;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CF5D3B24-60E0-4E46-8619-7F71FAD5D5D3}\MpKsl0f3bcbf4.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CF5D3B24-60E0-4E46-8619-7F71FAD5D5D3}\MpKsl0f3bcbf4.sys [?] S1 MpKsl2bdc6bbb;MpKsl2bdc6bbb;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{987A4627-EB70-4259-B8A2-D1B74F26049B}\MpKsl2bdc6bbb.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{987A4627-EB70-4259-B8A2-D1B74F26049B}\MpKsl2bdc6bbb.sys [?] S1 MpKsl6223c986;MpKsl6223c986;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5CCD8BDF-2448-4677-9681-82F6A88B351A}\MpKsl6223c986.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5CCD8BDF-2448-4677-9681-82F6A88B351A}\MpKsl6223c986.sys [?] 
S1 MpKsl646caed9;MpKsl646caed9;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A53F2EE3-B59B-4949-96E0-33360832AFC4}\MpKsl646caed9.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A53F2EE3-B59B-4949-96E0-33360832AFC4}\MpKsl646caed9.sys [?] S1 MpKsl68dd0546;MpKsl68dd0546;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9899DC13-C826-4F28-B84B-C914FEAB0040}\MpKsl68dd0546.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9899DC13-C826-4F28-B84B-C914FEAB0040}\MpKsl68dd0546.sys [?] S1 MpKsl6cff4364;MpKsl6cff4364;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DAAAB053-1E5A-4DA3-B775-50D56658BBC2}\MpKsl6cff4364.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DAAAB053-1E5A-4DA3-B775-50D56658BBC2}\MpKsl6cff4364.sys [?] S1 MpKsl76fbd28a;MpKsl76fbd28a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A7D0B08A-9FEF-4E7C-870F-3A1A0A810C05}\MpKsl76fbd28a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A7D0B08A-9FEF-4E7C-870F-3A1A0A810C05}\MpKsl76fbd28a.sys [?] S1 MpKsl801c26e3;MpKsl801c26e3;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{14E043C2-B4CB-4B0D-A0DE-15361F941314}\MpKsl801c26e3.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{14E043C2-B4CB-4B0D-A0DE-15361F941314}\MpKsl801c26e3.sys [?] 
S1 MpKsl89c4bd9c;MpKsl89c4bd9c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EC2CA2A7-2444-4216-90D5-74A8167A27B2}\MpKsl89c4bd9c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EC2CA2A7-2444-4216-90D5-74A8167A27B2}\MpKsl89c4bd9c.sys [?] S1 MpKsl8dc3269d;MpKsl8dc3269d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B66735D6-D854-439C-80D1-19BBD1F2F969}\MpKsl8dc3269d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B66735D6-D854-439C-80D1-19BBD1F2F969}\MpKsl8dc3269d.sys [?] S1 MpKsl8ebe5b9f;MpKsl8ebe5b9f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C63BE20E-62A1-4B0B-BC21-89679A594091}\MpKsl8ebe5b9f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C63BE20E-62A1-4B0B-BC21-89679A594091}\MpKsl8ebe5b9f.sys [?] S1 MpKsl966369e8;MpKsl966369e8;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CF5D3B24-60E0-4E46-8619-7F71FAD5D5D3}\MpKsl966369e8.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CF5D3B24-60E0-4E46-8619-7F71FAD5D5D3}\MpKsl966369e8.sys [?] S1 MpKsl9c328200;MpKsl9c328200;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{69A5D6B3-FA3F-46A6-A26C-DB2E4E82604E}\MpKsl9c328200.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{69A5D6B3-FA3F-46A6-A26C-DB2E4E82604E}\MpKsl9c328200.sys [?] 
S1 MpKsla4298a88;MpKsla4298a88;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B66735D6-D854-439C-80D1-19BBD1F2F969}\MpKsla4298a88.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B66735D6-D854-439C-80D1-19BBD1F2F969}\MpKsla4298a88.sys [?] S1 MpKsla6e0e3ed;MpKsla6e0e3ed;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EF073E63-D76B-4576-B2C5-9A768A139A03}\MpKsla6e0e3ed.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EF073E63-D76B-4576-B2C5-9A768A139A03}\MpKsla6e0e3ed.sys [?] S1 MpKslb6d0a0e2;MpKslb6d0a0e2;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CF5D3B24-60E0-4E46-8619-7F71FAD5D5D3}\MpKslb6d0a0e2.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CF5D3B24-60E0-4E46-8619-7F71FAD5D5D3}\MpKslb6d0a0e2.sys [?] S1 MpKslb8265317;MpKslb8265317;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CE55AF49-2401-4D00-9E2C-66E8EA654CBC}\MpKslb8265317.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CE55AF49-2401-4D00-9E2C-66E8EA654CBC}\MpKslb8265317.sys [?] S1 MpKslbad887e1;MpKslbad887e1;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{82F8AD96-0B4E-43F4-A150-CF778C64DF6D}\MpKslbad887e1.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{82F8AD96-0B4E-43F4-A150-CF778C64DF6D}\MpKslbad887e1.sys [?] 
S1 MpKslbd6ee218;MpKslbd6ee218;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BA879E70-B13F-4A03-8C9D-680395ABC530}\MpKslbd6ee218.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BA879E70-B13F-4A03-8C9D-680395ABC530}\MpKslbd6ee218.sys [?] S1 MpKslcf4213ab;MpKslcf4213ab;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EFAEDC71-996A-4FF2-A7FB-5954E01CB579}\MpKslcf4213ab.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EFAEDC71-996A-4FF2-A7FB-5954E01CB579}\MpKslcf4213ab.sys [?] S1 MpKslda38a941;MpKslda38a941;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{006745CC-0DC7-4359-B0DD-70EC3EB769F6}\MpKslda38a941.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{006745CC-0DC7-4359-B0DD-70EC3EB769F6}\MpKslda38a941.sys [?] S1 MpKsle1238778;MpKsle1238778;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9899DC13-C826-4F28-B84B-C914FEAB0040}\MpKsle1238778.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9899DC13-C826-4F28-B84B-C914FEAB0040}\MpKsle1238778.sys [?] S1 MpKsle13038d4;MpKsle13038d4;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0DC63ACD-C359-46C8-9ED4-7D63B4D63C5F}\MpKsle13038d4.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0DC63ACD-C359-46C8-9ED4-7D63B4D63C5F}\MpKsle13038d4.sys [?] 
S1 MpKsle385f021;MpKsle385f021;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9E9403EB-C203-4916-A101-78863BC27786}\MpKsle385f021.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9E9403EB-C203-4916-A101-78863BC27786}\MpKsle385f021.sys [?] S1 MpKsleb643d62;MpKsleb643d62;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9540CAB7-A0C9-4585-9CD2-ABEDEA056F3B}\MpKsleb643d62.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9540CAB7-A0C9-4585-9CD2-ABEDEA056F3B}\MpKsleb643d62.sys [?] S1 MpKslf0a77645;MpKslf0a77645;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E32804BF-0B9E-441F-8096-D1436C73609D}\MpKslf0a77645.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E32804BF-0B9E-441F-8096-D1436C73609D}\MpKslf0a77645.sys [?] S1 MpKslf61756ba;MpKslf61756ba;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E911B0AB-2AC1-41D2-B826-8820AA6CEB45}\MpKslf61756ba.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E911B0AB-2AC1-41D2-B826-8820AA6CEB45}\MpKslf61756ba.sys [?] S1 MpKslf6bcf29e;MpKslf6bcf29e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2DB6C0DB-94B0-4412-BA8F-C924F7D5878D}\MpKslf6bcf29e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2DB6C0DB-94B0-4412-BA8F-C924F7D5878D}\MpKslf6bcf29e.sys [?] 
S1 MpKslfa2ef13d;MpKslfa2ef13d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9899DC13-C826-4F28-B84B-C914FEAB0040}\MpKslfa2ef13d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9899DC13-C826-4F28-B84B-C914FEAB0040}\MpKslfa2ef13d.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384] S2 COM Service;COM Service;c:\program files\Gigabyte\G.O.M\GCSVR.exe [30/05/2009 20:41 16384] S2 CSObjectsSrv;Service de gestion du système CryproStorage;c:\program files\Fichiers communs\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [21/12/2009 17:34 743992] S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;p:\program files\Lavasoft\Ad-Aware\AAWService.exe [18/08/2011 15:25 2151640] S3 ADDCUXLP;ADDCUXLP;c:\docume~1\ARCHAN~1\LOCALS~1\Temp\ADDCUXLP.exe --> c:\docume~1\ARCHAN~1\LOCALS~1\Temp\ADDCUXLP.exe [?] S3 BMGMFHGV;BMGMFHGV;c:\docume~1\ARCHAN~1\LOCALS~1\Temp\BMGMFHGV.exe --> c:\docume~1\ARCHAN~1\LOCALS~1\Temp\BMGMFHGV.exe [?] S3 SWUSBFLT;Pilote de filtre Microsoft SideWinder VIA;c:\windows\system32\drivers\SWUSBFLT.SYS [10/11/2010 21:45 3968] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504] S4 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [08/08/2011 09:48 311928] S4 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [22/07/2011 14:26 690472] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Contenu du dossier 'Tâches planifiées' . 2011-09-23 c:\windows\Tasks\Ad-Aware Update (Weekly).job - p:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-08-18 13:25] . 
2011-09-23 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 10:34] . 2011-09-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-562591055-682003330-1004Core.job - c:\documents and settings\Archangel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-12 20:52] . 2011-09-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-562591055-682003330-1004UA.job - c:\documents and settings\Archangel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-12 20:52] . . ------- Examen supplémentaire ------- . uInternet Settings,ProxyOverride = *.local IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xporter vers Microsoft Excel - p:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.254 FF - ProfilePath - c:\documents and settings\Archangel\Application Data\Mozilla\Firefox\Profiles\u6jthp5s.default\ FF - prefs.js: browser.startup.homepage - www.google.fr FF - user.js: general.useragent.extra.zencast - FF - user.js: browser.sessionstore.resume_from_crash - false FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: nglayout.initialpaint.delay - 600 FF - user.js: content.notify.interval - 600000 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.switch.threshold - 600000 FF - user.js: network.protocol-handler.warn-external.dnupdate - false . . ------- Associations de fichier ------- . vbefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %* . - - - - ORPHELINS SUPPRIMES - - - - . 
SafeBoot-44347910.sys
MSConfigStartUp-AdVantage - c:\documents and settings\Archangel\Application Data\advantage\AdVantage.exe
MSConfigStartUp-Change Logon Utility - c:\documents and settings\Archangel\Application Data\chglogon.exe
MSConfigStartUp-CloneCDTray - p:\program files\SlySoft\CloneCD\CloneCDTray.exe
MSConfigStartUp-egui - c:\program files\ESET\ESET NOD32 Antivirus\egui.exe
MSConfigStartUp-SDFix - c:\sdfix\RunThis.bat
MSConfigStartUp-tplsis70t - c:\documents and settings\Archangel\Application Data\F39A95FC7AD7707F1CDA8CEB0520990F\tplsis70t.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-09-24 23:07
Windows 5.1.2600 Service Pack 3 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\p:\program files\CyberLink\PowerDVD10\PowerDVD10\NavFilter\000.fcl"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System
[...]
software\Swearware\backup\winsock2\Parameters]
@DACL=(02 0000)
@SACL=
"WinSock_Registry_Version"="2.0"
"Current_NameSpace_Catalog"="NameSpace_Catalog5"
"Current_Protocol_Catalog"="Protocol_Catalog9"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'winlogon.exe'(1636)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Heure de fin: 2011-09-24 23:08:49
ComboFix-quarantined-files.txt 2011-09-24 21:08
.
Avant-CF: 21 130 522 624 octets libres
Après-CF: 21 364 408 320 octets libres
.
- - End Of File - - 569BD67148E70E9142205C227371DE22
  5. Hello, as for Process Explorer, the only name is 3625100665.2254105895.exe, which I cannot kill. So I switched to TDSSKILLER, which found some "suspicious objects"; here is its report:
16:01:19.0312 0240 TDSS rootkit removing tool 2.6.0.0 Sep 23 2011 07:42:37
16:01:19.0375 0240 ============================================================
16:01:19.0375 0240 Current date / time: 2011/09/24 16:01:19.0375
16:01:19.0375 0240 SystemInfo:
16:01:19.0375 0240
16:01:19.0375 0240 OS Version: 5.1.2600 ServicePack: 3.0
16:01:19.0375 0240 Product type: Workstation
16:01:19.0375 0240 ComputerName: STARGAZER
16:01:19.0375 0240 UserName: Archangel
16:01:19.0375 0240 Windows directory: C:\WINDOWS
16:01:19.0375 0240 System windows directory: C:\WINDOWS
16:01:19.0375 0240 Processor architecture: Intel x86
16:01:19.0375 0240 Number of processors: 3
16:01:19.0375 0240 Page size: 0x1000
16:01:19.0375 0240 Boot type: Normal boot
16:01:19.0375 0240 ============================================================
16:01:21.0046 0240 Initialize success
16:01:25.0203 2920 ============================================================
16:01:25.0203 2920 Scan started
16:01:25.0203 2920 Mode: Manual;
16:01:25.0203 2920 ============================================================
16:01:26.0125 2920 79a512d8 (8835a649ec584a2f1fcc8fa54471d50d) C:\WINDOWS\3625100665:2254105895.exe
16:01:26.0125 2920 Suspicious file (Hidden): C:\WINDOWS\3625100665:2254105895.exe.
md5: 8835a649ec584a2f1fcc8fa54471d50d 16:01:26.0125 2920 79a512d8 ( HiddenFile.Multi.Generic ) - warning 16:01:26.0125 2920 79a512d8 - detected HiddenFile.Multi.Generic (1) 16:01:26.0203 2920 88176713 (186b54479d98e48aee0e9ada4b3c4d31) C:\WINDOWS\system32\DRIVERS\88176713.sys 16:01:26.0203 2920 88176713 - ok 16:01:26.0218 2920 Abiosdsk - ok 16:01:26.0218 2920 abp480n5 - ok 16:01:26.0250 2920 ACPI (e5e6dbfc41ea8aad005cb9a57a96b43b) C:\WINDOWS\system32\DRIVERS\ACPI.sys 16:01:26.0265 2920 ACPI - ok 16:01:26.0281 2920 ACPIEC (e4abc1212b70bb03d35e60681c447210) C:\WINDOWS\system32\drivers\ACPIEC.sys 16:01:26.0281 2920 ACPIEC - ok 16:01:26.0296 2920 adpu160m - ok 16:01:26.0328 2920 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 16:01:26.0343 2920 aec - ok 16:01:26.0375 2920 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys 16:01:26.0375 2920 AFD - ok 16:01:26.0375 2920 Aha154x - ok 16:01:26.0390 2920 aic78u2 - ok 16:01:26.0406 2920 aic78xx - ok 16:01:26.0437 2920 AirDisplay (f7ca3961a0ba4c30996f9e7e86a045bb) C:\WINDOWS\system32\DRIVERS\AVVideoCard.sys 16:01:26.0437 2920 AirDisplay - ok 16:01:26.0437 2920 AirDisplayMirror (a6877694865a09850f5fa9dc3f882479) C:\WINDOWS\system32\DRIVERS\AVVideoCardMirror.sys 16:01:26.0437 2920 AirDisplayMirror - ok 16:01:26.0453 2920 AliIde - ok 16:01:26.0484 2920 AmdPPM (033448d435e65c4bd72e70521fd05c76) C:\WINDOWS\system32\DRIVERS\AmdPPM.sys 16:01:26.0484 2920 AmdPPM - ok 16:01:26.0500 2920 amsint - ok 16:01:26.0515 2920 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys 16:01:26.0515 2920 Arp1394 - ok 16:01:26.0531 2920 asc - ok 16:01:26.0546 2920 asc3350p - ok 16:01:26.0546 2920 asc3550 - ok 16:01:26.0578 2920 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 16:01:26.0578 2920 AsyncMac - ok 16:01:26.0593 2920 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 16:01:26.0593 2920 atapi - ok 
16:01:26.0593 2920 Atdisk - ok 16:01:26.0781 2920 ati2mtag (c2b6f2161abd498d2b453050ffc81812) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 16:01:26.0859 2920 ati2mtag - ok 16:01:26.0890 2920 AtiHdmiService (591a9eabb5ef5168e435c2f18b05dd76) C:\WINDOWS\system32\drivers\AtiHdmi.sys 16:01:26.0890 2920 AtiHdmiService - ok 16:01:26.0906 2920 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 16:01:26.0906 2920 Atmarpc - ok 16:01:26.0921 2920 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 16:01:26.0921 2920 audstub - ok 16:01:26.0937 2920 AVG Anti-Rootkit (e8054a423e5d2bdae6062bab6da159c4) C:\WINDOWS\system32\DRIVERS\avgarkt.sys 16:01:26.0937 2920 AVG Anti-Rootkit - ok 16:01:26.0953 2920 AvgArCln (ec08d1625f5c6cf2a57b79eb35186f8c) C:\WINDOWS\system32\DRIVERS\AvgArCln.sys 16:01:26.0953 2920 AvgArCln - ok 16:01:26.0984 2920 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 16:01:27.0031 2920 Beep - ok 16:01:27.0093 2920 catchme - ok 16:01:27.0125 2920 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 16:01:27.0125 2920 cbidf2k - ok 16:01:27.0140 2920 cd20xrnt - ok 16:01:27.0281 2920 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 16:01:27.0281 2920 Cdaudio - ok 16:01:27.0312 2920 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 16:01:27.0312 2920 Cdfs - ok 16:01:27.0328 2920 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 16:01:27.0328 2920 Cdrom - ok 16:01:27.0328 2920 Changer - ok 16:01:27.0343 2920 CmdIde - ok 16:01:27.0375 2920 Cpqarray - ok 16:01:27.0406 2920 CSCrySec (5cbf20674be8364febb6a13451a42f0a) C:\WINDOWS\system32\DRIVERS\CSCrySec.sys 16:01:27.0406 2920 CSCrySec - ok 16:01:27.0437 2920 CSVirtualDiskDrv (2c3f213eddd231099fb779a45d7680e0) C:\WINDOWS\system32\DRIVERS\CSVirtualDiskDrv.sys 16:01:27.0437 2920 CSVirtualDiskDrv - ok 16:01:27.0453 2920 
cvspydr2 (c6644d1a70c050fdd7ecbe8c3ac05313) C:\WINDOWS\system32\DRIVERS\cvspydr2.sys 16:01:27.0453 2920 cvspydr2 - ok 16:01:27.0468 2920 dac2w2k - ok 16:01:27.0468 2920 dac960nt - ok 16:01:27.0484 2920 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 16:01:27.0484 2920 Disk - ok 16:01:27.0515 2920 dmboot (f5deadd42335fb33edca74ecb2f36cba) C:\WINDOWS\system32\drivers\dmboot.sys 16:01:27.0546 2920 dmboot - ok 16:01:27.0546 2920 dmio (5a7c47c9b3f9fb92a66410a7509f0c71) C:\WINDOWS\system32\drivers\dmio.sys 16:01:27.0562 2920 dmio - ok 16:01:27.0578 2920 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 16:01:27.0578 2920 dmload - ok 16:01:27.0593 2920 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 16:01:27.0593 2920 DMusic - ok 16:01:27.0609 2920 dpti2o - ok 16:01:27.0656 2920 driverhardwarev2 (0f1189883690949ba7a9f68339587e51) C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys 16:01:27.0656 2920 driverhardwarev2 - ok 16:01:27.0671 2920 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 16:01:27.0671 2920 drmkaud - ok 16:01:27.0687 2920 ElbyCDFL (ce37e3d51912e59c80c6d84337c0b4cd) C:\WINDOWS\system32\Drivers\ElbyCDFL.sys 16:01:27.0687 2920 ElbyCDFL - ok 16:01:27.0703 2920 ElbyCDIO (178cc9403816c082d22a1d47fa1f9c85) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys 16:01:27.0703 2920 ElbyCDIO - ok 16:01:27.0734 2920 ENTECH (16ebd8bf1d5090923694cc972c7ce1b4) C:\WINDOWS\system32\DRIVERS\ENTECH.sys 16:01:27.0734 2920 ENTECH - ok 16:01:27.0750 2920 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 16:01:27.0750 2920 Fastfat - ok 16:01:27.0765 2920 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys 16:01:27.0765 2920 Fdc - ok 16:01:27.0796 2920 Fips (31f923eb2170fc172c81abda0045d18c) C:\WINDOWS\system32\drivers\Fips.sys 16:01:27.0796 2920 Fips - ok 16:01:27.0812 2920 Flpydisk 
(9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys 16:01:27.0812 2920 Flpydisk - ok 16:01:27.0828 2920 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys 16:01:27.0828 2920 FltMgr - ok 16:01:27.0859 2920 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 16:01:27.0859 2920 Fs_Rec - ok 16:01:27.0859 2920 Ftdisk (a86859b77b908c18c2657f284aa29fe3) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 16:01:27.0875 2920 Ftdisk - ok 16:01:27.0890 2920 GcKernel (72fe2bea6863d4eb93442a1c4fb5ca48) C:\WINDOWS\system32\DRIVERS\GcKernel.sys 16:01:27.0890 2920 GcKernel - ok 16:01:27.0906 2920 gdrv (5c230948dd6652228f88ca7ae6cb276c) C:\WINDOWS\gdrv.sys 16:01:27.0906 2920 gdrv - ok 16:01:27.0921 2920 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 16:01:27.0921 2920 GEARAspiWDM - ok 16:01:27.0937 2920 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 16:01:27.0953 2920 Gpc - ok 16:01:27.0984 2920 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 16:01:27.0984 2920 HDAudBus - ok 16:01:28.0000 2920 HIDSwvd (bd205320308fb41c88a4049a2d1764b4) C:\WINDOWS\system32\DRIVERS\HIDSwvd.sys 16:01:28.0000 2920 HIDSwvd - ok 16:01:28.0031 2920 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 16:01:28.0031 2920 hidusb - ok 16:01:28.0046 2920 hotcore3 (98f0353c85d6f493772340ec9220d71b) C:\WINDOWS\system32\drivers\hotcore3.sys 16:01:28.0046 2920 hotcore3 - ok 16:01:28.0062 2920 hpn - ok 16:01:28.0078 2920 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 16:01:28.0093 2920 HTTP - ok 16:01:28.0109 2920 i2omgmt - ok 16:01:28.0109 2920 i2omp - ok 16:01:28.0140 2920 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 16:01:28.0140 2920 Imapi - ok 16:01:28.0140 2920 ini910u - ok 16:01:28.0281 2920 IntcAzAudAddService 
(662b65eeb8d070bd1162a7b63859afcf) C:\WINDOWS\system32\drivers\RtkHDAud.sys 16:01:28.0343 2920 IntcAzAudAddService - ok 16:01:28.0359 2920 IntelIde - ok 16:01:28.0375 2920 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys 16:01:28.0390 2920 Ip6Fw - ok 16:01:28.0390 2920 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 16:01:28.0390 2920 IpFilterDriver - ok 16:01:28.0406 2920 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 16:01:28.0406 2920 IpInIp - ok 16:01:28.0421 2920 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 16:01:28.0437 2920 IpNat - ok 16:01:28.0453 2920 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 16:01:28.0453 2920 IPSec - ok 16:01:28.0468 2920 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 16:01:28.0468 2920 IRENUM - ok 16:01:28.0484 2920 isapnp (355836975a67b6554bca60328cd6cb74) C:\WINDOWS\system32\DRIVERS\isapnp.sys 16:01:28.0484 2920 isapnp - ok 16:01:28.0500 2920 JRAID (a324485106f133e751f4b7f47c4be3ea) C:\WINDOWS\system32\DRIVERS\jraid.sys 16:01:28.0500 2920 JRAID - ok 16:01:28.0515 2920 Kbdclass (16813155807c6881f4bfbf6657424659) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 16:01:28.0515 2920 Kbdclass - ok 16:01:28.0531 2920 kbdhid (94c59cb884ba010c063687c3a50dce8e) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16:01:28.0531 2920 kbdhid - ok 16:01:28.0562 2920 kl1 (ce3958f58547454884e97bda78cd7040) C:\WINDOWS\system32\drivers\kl1.sys 16:01:28.0562 2920 kl1 - ok 16:01:28.0578 2920 KLBG (53eedab3f0511321ac3ae8bc968b158c) C:\WINDOWS\system32\DRIVERS\klbg.sys 16:01:28.0578 2920 KLBG - ok 16:01:28.0609 2920 KLIF (cf9f89b7b5e08beb60e52dd7ff3a69e5) C:\WINDOWS\system32\DRIVERS\klif.sys 16:01:28.0609 2920 KLIF - ok 16:01:28.0625 2920 klim5 (fbdc2034b58d2135d25fe99eb8b747c3) C:\WINDOWS\system32\DRIVERS\klim5.sys 16:01:28.0625 2920 klim5 - ok 16:01:28.0656 2920 
klmouflt (1f351c4ba53bfe58a1ca5fcdd11e1f81) C:\WINDOWS\system32\DRIVERS\klmouflt.sys 16:01:28.0656 2920 klmouflt - ok 16:01:28.0671 2920 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 16:01:28.0687 2920 kmixer - ok 16:01:28.0703 2920 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 16:01:28.0718 2920 KSecDD - ok 16:01:28.0750 2920 Lbd (336abe8721cbc3110f1c6426da633417) C:\WINDOWS\system32\DRIVERS\Lbd.sys 16:01:28.0750 2920 Lbd - ok 16:01:28.0765 2920 lbrtfdc - ok 16:01:28.0796 2920 LF30FS (10e0d92e5b21c045e0a53befb71dc09d) C:\Program Files\Everstrike Software\Lock Folder XP 3.6\LF30XP.sys 16:01:28.0796 2920 LF30FS - ok 16:01:28.0828 2920 mcdbus (8fd868e32459ece2a1bb0169f513d31e) C:\WINDOWS\system32\DRIVERS\mcdbus.sys 16:01:28.0828 2920 mcdbus - ok 16:01:28.0843 2920 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 16:01:28.0859 2920 mnmdd - ok 16:01:28.0890 2920 Modem (510ade9327fe84c10254e1902697e25f) C:\WINDOWS\system32\drivers\Modem.sys 16:01:28.0890 2920 Modem - ok 16:01:28.0906 2920 Mouclass (027c01bd7ef3349aaebc883d8a799efb) C:\WINDOWS\system32\DRIVERS\mouclass.sys 16:01:28.0906 2920 Mouclass - ok 16:01:28.0921 2920 mouhid (124d6846040c79b9c997f78ef4b2a4e5) C:\WINDOWS\system32\DRIVERS\mouhid.sys 16:01:28.0937 2920 mouhid - ok 16:01:28.0937 2920 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 16:01:28.0937 2920 MountMgr - ok 16:01:28.0984 2920 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\WINDOWS\system32\DRIVERS\MpFilter.sys 16:01:28.0984 2920 MpFilter - ok 16:01:29.0000 2920 MpKsl078d3c29 - ok 16:01:29.0000 2920 MpKsl0e2ee768 - ok 16:01:29.0015 2920 MpKsl0f3bcbf4 - ok 16:01:29.0015 2920 MpKsl2bdc6bbb - ok 16:01:29.0031 2920 MpKsl6223c986 - ok 16:01:29.0031 2920 MpKsl646caed9 - ok 16:01:29.0046 2920 MpKsl68dd0546 - ok 16:01:29.0046 2920 MpKsl6cff4364 - ok 16:01:29.0062 2920 MpKsl76fbd28a - ok 16:01:29.0062 2920 MpKsl801c26e3 - 
ok 16:01:29.0078 2920 MpKsl89c4bd9c - ok 16:01:29.0093 2920 MpKsl8dc3269d - ok 16:01:29.0093 2920 MpKsl8ebe5b9f - ok 16:01:29.0109 2920 MpKsl966369e8 - ok 16:01:29.0109 2920 MpKsl9c328200 - ok 16:01:29.0125 2920 MpKsla4298a88 - ok 16:01:29.0125 2920 MpKsla6e0e3ed - ok 16:01:29.0140 2920 MpKslb6d0a0e2 - ok 16:01:29.0140 2920 MpKslb8265317 - ok 16:01:29.0156 2920 MpKslbad887e1 - ok 16:01:29.0156 2920 MpKslbd6ee218 - ok 16:01:29.0171 2920 MpKslcf4213ab - ok 16:01:29.0171 2920 MpKslda38a941 - ok 16:01:29.0171 2920 MpKsle1238778 - ok 16:01:29.0187 2920 MpKsle13038d4 - ok 16:01:29.0203 2920 MpKsle385f021 - ok 16:01:29.0203 2920 MpKsleb643d62 - ok 16:01:29.0203 2920 MpKslf0a77645 - ok 16:01:29.0218 2920 MpKslf61756ba - ok 16:01:29.0218 2920 MpKslf6bcf29e - ok 16:01:29.0234 2920 MpKslfa2ef13d - ok 16:01:29.0234 2920 mraid35x - ok 16:01:29.0250 2920 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 16:01:29.0250 2920 MRxDAV - ok 16:01:29.0281 2920 MRxSmb (d52789bafdeabb6c8cac691c6c3d82b9) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 16:01:29.0281 2920 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\mrxsmb.sys. 
Real md5: d52789bafdeabb6c8cac691c6c3d82b9, Fake md5: 0dc719e9b15e902346e87e9dcd5751fa 16:01:29.0281 2920 MRxSmb ( ForgedFile.Multi.Generic ) - warning 16:01:29.0281 2920 MRxSmb - detected ForgedFile.Multi.Generic (1) 16:01:29.0312 2920 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 16:01:29.0312 2920 Msfs - ok 16:01:29.0328 2920 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 16:01:29.0328 2920 MSKSSRV - ok 16:01:29.0359 2920 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 16:01:29.0359 2920 MSPCLOCK - ok 16:01:29.0375 2920 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 16:01:29.0375 2920 MSPQM - ok 16:01:29.0390 2920 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16:01:29.0390 2920 mssmbios - ok 16:01:29.0406 2920 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys 16:01:29.0406 2920 Mup - ok 16:01:29.0421 2920 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 16:01:29.0437 2920 NDIS - ok 16:01:29.0437 2920 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 16:01:29.0437 2920 NdisTapi - ok 16:01:29.0468 2920 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16:01:29.0468 2920 Ndisuio - ok 16:01:29.0484 2920 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 16:01:29.0484 2920 NdisWan - ok 16:01:29.0500 2920 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 16:01:29.0500 2920 NDProxy - ok 16:01:29.0515 2920 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 16:01:29.0515 2920 NetBIOS - ok 16:01:29.0531 2920 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 16:01:29.0531 2920 NetBT - ok 16:01:29.0562 2920 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) 
C:\WINDOWS\system32\DRIVERS\nic1394.sys 16:01:29.0562 2920 NIC1394 - ok 16:01:29.0578 2920 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 16:01:29.0578 2920 Npfs - ok 16:01:29.0609 2920 NPF_devolo (75ac610a7481cb1f343dc971249bcb19) C:\WINDOWS\system32\drivers\npf_devolo.sys 16:01:29.0609 2920 NPF_devolo - ok 16:01:29.0625 2920 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 16:01:29.0640 2920 Ntfs - ok 16:01:29.0656 2920 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 16:01:29.0671 2920 Null - ok 16:01:29.0687 2920 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 16:01:29.0687 2920 NwlnkFlt - ok 16:01:29.0703 2920 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 16:01:29.0703 2920 NwlnkFwd - ok 16:01:29.0718 2920 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 16:01:29.0718 2920 ohci1394 - ok 16:01:29.0734 2920 Parport (8fd0bdbea875d06ccf6c945ca9abaf75) C:\WINDOWS\system32\DRIVERS\parport.sys 16:01:29.0734 2920 Parport - ok 16:01:29.0750 2920 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 16:01:29.0750 2920 PartMgr - ok 16:01:29.0765 2920 ParVdm (9575c5630db8fb804649a6959737154c) C:\WINDOWS\system32\drivers\ParVdm.sys 16:01:29.0765 2920 ParVdm - ok 16:01:29.0781 2920 PCI (043410877bda580c528f45165f7125bc) C:\WINDOWS\system32\DRIVERS\pci.sys 16:01:29.0781 2920 PCI - ok 16:01:29.0796 2920 PCIDump - ok 16:01:29.0796 2920 PCIIde (f4bfde7209c14a07aaa61e4d6ae69eac) C:\WINDOWS\system32\DRIVERS\pciide.sys 16:01:29.0796 2920 PCIIde - ok 16:01:29.0812 2920 Pcmcia (f0406cbc60bdb0394a0e17ffb04cdd3d) C:\WINDOWS\system32\drivers\Pcmcia.sys 16:01:29.0828 2920 Pcmcia - ok 16:01:29.0828 2920 PDCOMP - ok 16:01:29.0843 2920 PDFRAME - ok 16:01:29.0859 2920 PDRELI - ok 16:01:29.0859 2920 PDRFRAME - ok 16:01:29.0875 2920 perc2 - ok 16:01:29.0875 2920 
perc2hib - ok 16:01:29.0906 2920 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 16:01:29.0906 2920 PptpMiniport - ok 16:01:29.0921 2920 PQNTDrv (87d211ba1e9759e26b6296e625a31ce8) C:\WINDOWS\system32\drivers\PQNTDrv.sys 16:01:29.0921 2920 PQNTDrv - ok 16:01:29.0937 2920 Processor (e19c9632ac828f6f214391e2bdda11cb) C:\WINDOWS\system32\DRIVERS\processr.sys 16:01:29.0937 2920 Processor - ok 16:01:29.0953 2920 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 16:01:29.0968 2920 PSched - ok 16:01:29.0968 2920 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 16:01:29.0968 2920 Ptilink - ok 16:01:30.0000 2920 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys 16:01:30.0000 2920 PxHelp20 - ok 16:01:30.0015 2920 ql1080 - ok 16:01:30.0015 2920 Ql10wnt - ok 16:01:30.0031 2920 ql12160 - ok 16:01:30.0046 2920 ql1240 - ok 16:01:30.0046 2920 ql1280 - ok 16:01:30.0062 2920 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 16:01:30.0062 2920 RasAcd - ok 16:01:30.0078 2920 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 16:01:30.0078 2920 Rasl2tp - ok 16:01:30.0093 2920 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 16:01:30.0093 2920 RasPppoe - ok 16:01:30.0109 2920 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 16:01:30.0109 2920 Raspti - ok 16:01:30.0125 2920 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 16:01:30.0125 2920 Rdbss - ok 16:01:30.0140 2920 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 16:01:30.0140 2920 RDPCDD - ok 16:01:30.0156 2920 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys 16:01:30.0156 2920 RDPWD - ok 16:01:30.0187 2920 redbook (d8eb2a7904db6c916eb5361878ddcbae) 
C:\WINDOWS\system32\DRIVERS\redbook.sys 16:01:30.0187 2920 redbook - ok 16:01:30.0296 2920 RTHDMIAzAudService (a5a9f4b77d7ff2b02633999ff71a7e9b) C:\WINDOWS\system32\drivers\RtKHDMI.sys 16:01:30.0390 2920 RTHDMIAzAudService - ok 16:01:30.0421 2920 RTLE8023xp (839141088ad7ee90f5b441b2d1afd22c) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys 16:01:30.0421 2920 RTLE8023xp - ok 16:01:30.0453 2920 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 16:01:30.0453 2920 Secdrv - ok 16:01:30.0468 2920 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 16:01:30.0468 2920 serenum - ok 16:01:30.0484 2920 Serial (93d313c31f7ad9ea2b75f26075413c7c) C:\WINDOWS\system32\DRIVERS\serial.sys 16:01:30.0500 2920 Serial - ok 16:01:30.0531 2920 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 16:01:30.0531 2920 Sfloppy - ok 16:01:30.0546 2920 Simbad - ok 16:01:30.0562 2920 Sparrow - ok 16:01:30.0593 2920 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 16:01:30.0593 2920 splitter - ok 16:01:30.0640 2920 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys 16:01:30.0640 2920 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. 
md5: cdddec541bc3c96f91ecb48759673505 16:01:30.0640 2920 sptd ( LockedFile.Multi.Generic ) - warning 16:01:30.0640 2920 sptd - detected LockedFile.Multi.Generic (1) 16:01:30.0656 2920 sr (39626e6dc1fb39434ec40c42722b660a) C:\WINDOWS\system32\DRIVERS\sr.sys 16:01:30.0656 2920 sr - ok 16:01:30.0687 2920 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 16:01:30.0687 2920 Srv - ok 16:01:30.0703 2920 StarOpen (f92254b0bcfcd10caac7bccc7cb7f467) C:\WINDOWS\system32\drivers\StarOpen.sys 16:01:30.0703 2920 StarOpen - ok 16:01:30.0734 2920 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 16:01:30.0734 2920 swenum - ok 16:01:30.0750 2920 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 16:01:30.0750 2920 swmidi - ok 16:01:30.0781 2920 SWUSBFLT (5212178c49079e40831d95ec7596fcc7) C:\WINDOWS\system32\DRIVERS\SWUSBFLT.sys 16:01:30.0781 2920 SWUSBFLT - ok 16:01:30.0796 2920 symc810 - ok 16:01:30.0812 2920 symc8xx - ok 16:01:30.0812 2920 sym_hi - ok 16:01:30.0828 2920 sym_u3 - ok 16:01:30.0843 2920 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 16:01:30.0843 2920 sysaudio - ok 16:01:30.0890 2920 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 16:01:30.0890 2920 Tcpip - ok 16:01:30.0906 2920 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 16:01:30.0921 2920 TDPIPE - ok 16:01:30.0937 2920 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 16:01:30.0937 2920 TDTCP - ok 16:01:30.0968 2920 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 16:01:30.0968 2920 TermDD - ok 16:01:30.0984 2920 TosIde - ok 16:01:31.0000 2920 truecrypt (be45dad1c73a3216edc8c485916f6594) C:\WINDOWS\system32\drivers\truecrypt.sys 16:01:31.0015 2920 truecrypt - ok 16:01:31.0062 2920 TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) P:\Program Files\TuneUp 
Utilities 2011\TuneUpUtilitiesDriver32.sys 16:01:31.0062 2920 TuneUpUtilitiesDrv - ok 16:01:31.0093 2920 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 16:01:31.0093 2920 Udfs - ok 16:01:31.0093 2920 ultra - ok 16:01:31.0125 2920 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 16:01:31.0140 2920 Update - ok 16:01:31.0156 2920 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys 16:01:31.0156 2920 USBAAPL - ok 16:01:31.0171 2920 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys 16:01:31.0187 2920 usbaudio - ok 16:01:31.0187 2920 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 16:01:31.0187 2920 usbccgp - ok 16:01:31.0218 2920 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 16:01:31.0218 2920 usbehci - ok 16:01:31.0218 2920 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 16:01:31.0234 2920 usbhub - ok 16:01:31.0265 2920 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys 16:01:31.0265 2920 usbohci - ok 16:01:31.0281 2920 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 16:01:31.0281 2920 usbscan - ok 16:01:31.0312 2920 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 16:01:31.0312 2920 USBSTOR - ok 16:01:31.0343 2920 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys 16:01:31.0343 2920 usb_rndisx - ok 16:01:31.0375 2920 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 16:01:31.0375 2920 VgaSave - ok 16:01:31.0390 2920 ViaIde - ok 16:01:31.0390 2920 VolSnap (46de1126684369bace4849e4fc8c43ca) C:\WINDOWS\system32\drivers\VolSnap.sys 16:01:31.0406 2920 VolSnap - ok 16:01:31.0421 2920 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 16:01:31.0421 2920 
     Wanarp - ok
     16:01:31.0437 2920 WDICA - ok
     16:01:31.0453 2920 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
     16:01:31.0453 2920 wdmaud - ok
     16:01:31.0500 2920 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
     16:01:31.0500 2920 WmiAcpi - ok
     16:01:31.0531 2920 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
     16:01:31.0531 2920 WS2IFSL - ok
     16:01:31.0578 2920 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC} (74ec37b9eaf9fca015b933a526825c7a) p:\Program Files\CyberLink\PowerDVD10\PowerDVD10\NavFilter\000.fcl
     16:01:31.0578 2920 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC} - ok
     16:01:31.0609 2920 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk4\DR4
     16:01:31.0921 2920 \Device\Harddisk4\DR4 - ok
     16:01:31.0937 2920 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk5\DR5
     16:01:31.0937 2920 \Device\Harddisk5\DR5 - ok
     16:01:31.0953 2920 MBR (0x1B8) (c99c3199cfaa4cbdcd91493f6d113a50) \Device\Harddisk0\DR0
     16:01:32.0078 2920 \Device\Harddisk0\DR0 - ok
     16:01:32.0125 2920 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
     16:01:32.0125 2920 \Device\Harddisk1\DR1 - ok
     16:01:32.0156 2920 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk2\DR2
     16:01:32.0156 2920 \Device\Harddisk2\DR2 - ok
     16:01:32.0171 2920 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk3\DR3
     16:01:32.0171 2920 \Device\Harddisk3\DR3 - ok
     16:01:32.0203 2920 MBR (0x1B8) (988d3c46cbd13ec7f482b833c55264c8) \Device\Harddisk6\DR14
     16:01:32.0203 2920 \Device\Harddisk6\DR14 - ok
     16:01:32.0203 2920 Boot (0x1200) (0c92d0a593172fc71bceaa1fd36ade47) \Device\Harddisk4\DR4\Partition0
     16:01:32.0203 2920 \Device\Harddisk4\DR4\Partition0 - ok
     16:01:32.0218 2920 Boot (0x1200) (5d2bafc42454a6d29805fc13a5269a78) \Device\Harddisk5\DR5\Partition0
     16:01:32.0218 2920 \Device\Harddisk5\DR5\Partition0 - ok
     16:01:32.0250 2920 Boot (0x1200) (91d8b05664a4e69ea79a8d121dae28d9) \Device\Harddisk0\DR0\Partition0
     16:01:32.0312 2920 \Device\Harddisk0\DR0\Partition0 - ok
     16:01:32.0312 2920 Boot (0x1200) (38657bb370b8caa7efbe3ea2c1bbc970) \Device\Harddisk0\DR0\Partition1
     16:01:32.0312 2920 \Device\Harddisk0\DR0\Partition1 - ok
     16:01:32.0328 2920 Boot (0x1200) (fb10097bd8cfe596ad63298e8d896df2) \Device\Harddisk0\DR0\Partition2
     16:01:32.0328 2920 \Device\Harddisk0\DR0\Partition2 - ok
     16:01:32.0390 2920 Boot (0x1200) (c5141d89c0af2728bebe48570deb0014) \Device\Harddisk1\DR1\Partition0
     16:01:32.0406 2920 \Device\Harddisk1\DR1\Partition0 - ok
     16:01:32.0406 2920 Boot (0x1200) (d05da05f5abdc0ce0e2d1ddf3e712a09) \Device\Harddisk2\DR2\Partition0
     16:01:32.0406 2920 \Device\Harddisk2\DR2\Partition0 - ok
     16:01:32.0468 2920 Boot (0x1200) (27fb35d2c3e7ab0fb1d9c78e5a63487a) \Device\Harddisk3\DR3\Partition0
     16:01:32.0468 2920 \Device\Harddisk3\DR3\Partition0 - ok
     16:01:32.0484 2920 Boot (0x1200) (230bb639bc788bfe8bda7d4ca0ffdcaf) \Device\Harddisk6\DR14\Partition0
     16:01:32.0500 2920 \Device\Harddisk6\DR14\Partition0 - ok
     16:01:32.0500 2920 ============================================================
     16:01:32.0500 2920 Scan finished
     16:01:32.0500 2920 ============================================================
     16:01:32.0515 3836 Detected object count: 3
     16:01:32.0515 3836 Actual detected object count: 3
     16:03:03.0828 3836 HKLM\SYSTEM\ControlSet003\services\79a512d8 - will be deleted on reboot
     16:03:03.0828 3836 HKLM\SYSTEM\ControlSet004\services\79a512d8 - will be deleted on reboot
     16:03:03.0828 3836 HKLM\SYSTEM\ControlSet005\services\79a512d8 - will be deleted on reboot
     16:03:03.0828 3836 C:\WINDOWS\3625100665:2254105895.exe - will be deleted on reboot
     16:03:03.0828 3836 79a512d8 ( HiddenFile.Multi.Generic ) - User select action: Delete
     16:03:03.0828 3836 HKLM\SYSTEM\ControlSet003\services\MRxSmb - will be deleted on reboot
     16:03:03.0828 3836 HKLM\SYSTEM\ControlSet004\services\MRxSmb - will be deleted on reboot
     16:03:03.0843 3836 HKLM\SYSTEM\ControlSet005\services\MRxSmb - will be deleted on reboot
     16:03:03.0843 3836 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys - will be deleted on reboot
     16:03:03.0843 3836 MRxSmb ( ForgedFile.Multi.Generic ) - User select action: Delete
     16:03:03.0843 3836 HKLM\SYSTEM\ControlSet001\services\sptd - will be deleted on reboot
     16:03:03.0843 3836 HKLM\SYSTEM\ControlSet002\services\sptd - will be deleted on reboot
     16:03:03.0843 3836 HKLM\SYSTEM\ControlSet003\services\sptd - will be deleted on reboot
     16:03:03.0843 3836 HKLM\SYSTEM\ControlSet004\services\sptd - will be deleted on reboot
     16:03:03.0843 3836 HKLM\SYSTEM\ControlSet005\services\sptd - will be deleted on reboot
     16:03:03.0843 3836 C:\WINDOWS\system32\Drivers\sptd.sys - will be deleted on reboot
     16:03:03.0843 3836 sptd ( LockedFile.Multi.Generic ) - User select action: Delete
     16:03:08.0453 3388 Deinitialize success

     It looks like TDSS managed to dislodge it. As for ComboFix, since it could not install the Recovery Console (there was also a message saying that this program MK.. is not a valid something...), I looked on Google and installed it from the CD before trying again. But there too it gets no further than the message "Attempting to create a system restore point". I stopped after 20 minutes to switch to safe mode, but same result.
  6. Here is the result: yet it is still present in Task Manager, awfully stubborn.

     Logfile of The Avenger Version 2.0, © by Swandog46
     Swandog46's Public Anti-Malware Tools
     Platform: Windows XP

     *******************

     Script file opened successfully.
     Script file read successfully.
     Backups directory opened successfully at C:\Avenger

     *******************

     Beginning to process script file:

     Error: could not open file "c:windows\3625100665:2254105895.exe"
     Deletion of file "c:windows\3625100665:2254105895.exe" failed!
     Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
     --> bad path / the parent directory does not exist

     Completed script processing.

     *******************

     Finished! Terminate.
  7. Hello, yes, I can run it in each mode and it finds 2 items every time; here is one of the latest reports:

     RogueKiller V5.3.4 [30/08/2011] par Tigzy
     contact sur Forum Sciences / Forum Informatique - Sur la Toile (SLT)
     mail: tigzyRK<at>gmail<dot>com
     Remontees: [RogueKiller] Remontées (1/34)

     Systeme d'exploitation: Windows XP (5.1.2600 Service Pack 3) 32 bits version
     Demarrage : Mode normal
     Utilisateur: Archangel [Droits d'admin]
     Mode: Suppression -- Date : 23/09/2011 02:33:28

     Processus malicieux: 2
     [sUSP PATH] 3625100665:2254105895.exe -- c:\windows\3625100665:2254105895.exe -> KILLED [TermProc]
     [RESIDUE] 3625100665:2254105895.exe -- c:\windows\3625100665:2254105895.exe -> KILLED [TermProc]

     Entrees de registre: 0

     Fichiers / Dossiers particuliers:

     Fichier HOSTS:

     Termine : << RKreport[12].txt >>

     It seems I am getting reboots again when logging into my session and in safe mode with networking (first time).
  8. So: after launching the tool, it crashes as described above. I then relaunch it with "devices" unchecked, but same thing again, it crashes again, except that when I try to relaunch it I get no reaction (or, the following times, a message like this: Windows cannot access the device...). I re-download the tool (since the name changes each time, I grab several) and try again in normal safe mode. Everything goes fine this time and in the end 2 files with the virus's name are found (one in the ADS column and the other in red under Services). So I proceed with the deletion. (I misread the tutorial and made the copy afterwards.) I try again in safe mode with networking but it crashes again, and on top of that I can no longer reuse the tools once they have been used, as if they had been blacklisted (the 4 I had just downloaded). Nevertheless, after another reboot at session startup, I was able to stay on it without a BSOD or reboot the next time. The process is still present but its usage level has dropped back to 0 instead of 400 (random).

     GMER 1.0.15.15641 - http://www.gmer.net
     Rootkit scan 2011-09-23 00:31:35
     Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 WDC_WD1001FALS-00J7B1 rev.05.00K05
     Running: j0w8mu5y.exe; Driver: C:\DOCUME~1\ARCHAN~1\LOCALS~1\Temp\fwtcipog.sys

     ---- Registry - GMER 1.0.15 ----

     Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
     Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
     Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC3 0x08 0x1B 0x94 ...
     Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 p:\Program Files\DAEMON Tools Lite\
     Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
     Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
     Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x0C 0x1B 0x32 0xC1 ...
     Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
     Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x90 0x23 0xFD 0x2E ...
     Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
     Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
     Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC3 0x08 0x1B 0x94 ...
     Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 p:\Program Files\DAEMON Tools Lite\
     Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
     Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
     Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x0C 0x1B 0x32 0xC1 ...
     Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
     Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x90 0x23 0xFD 0x2E ...
     Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
     Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
     Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC3 0x08 0x1B 0x94 ...
     Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 p:\Program Files\DAEMON Tools Lite\
     Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
     Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
     Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x0C 0x1B 0x32 0xC1 ...
     Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
     Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x90 0x23 0xFD 0x2E ...
     Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
     Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
     Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC3 0x08 0x1B 0x94 ...
     Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 p:\Program Files\DAEMON Tools Lite\
     Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
     Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
     Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x0C 0x1B 0x32 0xC1 ...
     Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
     Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x90 0x23 0xFD 0x2E ...
     Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
     Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
     Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC3 0x08 0x1B 0x94 ...
     Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 p:\Program Files\DAEMON Tools Lite\
     Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
     Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
     Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x0C 0x1B 0x32 0xC1 ...
     Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
     Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x90 0x23 0xFD 0x2E ...
     Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
     Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System [...]
     Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
     Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
     Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
     Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
     Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
     Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000

     ---- Files - GMER 1.0.15 ----

     File C:\WINDOWS\$NtUninstallKB38018$\2040861400 0 bytes
     File C:\WINDOWS\$NtUninstallKB38018$\2040861400\@ 2048 bytes
     File C:\WINDOWS\$NtUninstallKB38018$\2040861400\bckfg.tmp 840 bytes
     File C:\WINDOWS\$NtUninstallKB38018$\2040861400\cfg.ini 202 bytes
     File C:\WINDOWS\$NtUninstallKB38018$\2040861400\Desktop.ini 4608 bytes
     File C:\WINDOWS\$NtUninstallKB38018$\2040861400\keywords 0 bytes
     File C:\WINDOWS\$NtUninstallKB38018$\2040861400\kwrd.dll 208896 bytes
     File C:\WINDOWS\$NtUninstallKB38018$\2040861400\L 0 bytes
     File C:\WINDOWS\$NtUninstallKB38018$\2040861400\L\acordtse 456320 bytes
     File C:\WINDOWS\$NtUninstallKB38018$\2040861400\U 0 bytes
     File C:\WINDOWS\$NtUninstallKB38018$\2040861400\U\00000001.@ 2048 bytes
     File C:\WINDOWS\$NtUninstallKB38018$\2040861400\U\00000002.@ 209920 bytes
     File C:\WINDOWS\$NtUninstallKB38018$\2040861400\U\80000000.@ 2560 bytes
     File C:\WINDOWS\$NtUninstallKB38018$\2040861400\U\80000032.@ 71168 bytes
     File C:\WINDOWS\$NtUninstallKB38018$\2816678359 0 bytes

     ---- EOF - GMER 1.0.15 ----
  9. First of all, thank you for taking the time to answer me; I will try as soon as I get home, but to be sure, should I do this in normal safe mode (so with the virus inactive) after downloading this tool, or in safe mode with networking (virus active in that mode)?? Because I cannot boot normally. Thanks.
  10. Hello, I have once again managed to catch some nasty thing that prevents me from logging into my session, or rather keeps restarting it (PC reboot). From what I could see in normal mode, it is a process made up of a string of digits, as said above: :3625100665.2254105895.exe
     http://forum.hardware.fr/hfr/Windo [...] 4683_1.htm
     http://forum.hardware.fr/hfr/Windo [...] 6158_1.htm
     In safe mode, on the other hand, I can stay on my session, but some tools such as MBAM and the Microsoft antivirus do not start ("Windows cannot access the device........"). I tried downloading trial versions of Kaspersky or Norton, but maybe being in safe mode prevents a clean install (or it is due to the virus). An online scan gives nothing, and from the little I could see, the tool crashed before the end.
     Edit: Of course, it is impossible for me to kill the process I mentioned, in safe mode and in normal mode the only time I had control before the reboot.
     Edit2: Nothing new, except that this process only runs in safe mode with networking; in basic safe mode it is not active. RogueKiller (which I had kept) does find it, but it comes back every time despite being deleted. HijackThis launches then closes before the end in safe mode with networking, but nothing to report in basic safe mode. A file is present in C:\windows bearing this process's name, but it is 0 KB and comes back at every startup, same thing in the registry. I put the disk in an external enclosure for a scan with Ad-Aware, MBAM and Kaspersky, but nothing to report (in the original PC, some of these functions are disabled). If I launch a normal boot, I sometimes get a BSOD as soon as the session appears, before the reboot. Formatting is out of the question, of course, but here I am lost and there is nothing on the web about this.
  11. So here is the post:

     -->- Recherche:

     C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
     C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
     C:\Documents and Settings\Propriétaire\Bureau\SmitFraudFix.exe: trouvé !
     C:\Documents and Settings\Propriétaire\Bureau\SmitFraudfix: trouvé !
     C:\Documents and Settings\Propriétaire\Bureau\Protection PC\HijackThis.lnk: trouvé !
     C:\Documents and Settings\Propriétaire\Bureau\Protection PC\HJTInstall.exe: trouvé !
     C:\Documents and Settings\Propriétaire\Local Settings\Temp\Répertoire temporaire 1 pour hijackthis.zip\HijackThis.exe: trouvé !
     C:\Documents and Settings\Propriétaire\Local Settings\Temp\Répertoire temporaire 2 pour hijackthis.zip\HijackThis.exe: trouvé !
     C:\Program Files\Trend Micro\HijackThis: trouvé !
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !

     ---------------------------------

     -->- Suppression:

     C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
     C:\Documents and Settings\Propriétaire\Bureau\SmitFraudFix.exe: supprimé !
     C:\Documents and Settings\Propriétaire\Bureau\Protection PC\HijackThis.lnk: supprimé !
     C:\Documents and Settings\Propriétaire\Bureau\Protection PC\HJTInstall.exe: supprimé !
     C:\Documents and Settings\Propriétaire\Local Settings\Temp\Répertoire temporaire 1 pour hijackthis.zip\HijackThis.exe: ERREUR DE SUPPRESSION !!
     C:\Documents and Settings\Propriétaire\Local Settings\Temp\Répertoire temporaire 2 pour hijackthis.zip\HijackThis.exe: ERREUR DE SUPPRESSION !!
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
     C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
     C:\Documents and Settings\Propriétaire\Bureau\SmitFraudfix: supprimé !
     C:\Program Files\Trend Micro\HijackThis: supprimé !

     Otherwise I only use IE when Firefox does not work, on a few rare sites only.
     So I surfed all day and everything is fine ^^. I want to thank you very much for taking the time to help me get rid of all this junk. Thanks again and see you next time :P
  12. Good evening, so here it is:

     Malwarebytes' Anti-Malware 1.24
     Version de la base de données: 1032
     Windows 5.1.2600 Service Pack 2

     20:29:57 08/08/2008
     mbam-log-8-8-2008 (20-29-57).txt

     Type de recherche: Examen rapide
     Eléments examinés: 49683
     Temps écoulé: 11 minute(s), 9 second(s)

     Processus mémoire infecté(s): 0
     Module(s) mémoire infecté(s): 0
     Clé(s) du Registre infectée(s): 0
     Valeur(s) du Registre infectée(s): 0
     Elément(s) de données du Registre infecté(s): 0
     Dossier(s) infecté(s): 0
     Fichier(s) infecté(s): 0

     Processus mémoire infecté(s):
     (Aucun élément nuisible détecté)

     Module(s) mémoire infecté(s):
     (Aucun élément nuisible détecté)

     Clé(s) du Registre infectée(s):
     (Aucun élément nuisible détecté)

     Valeur(s) du Registre infectée(s):
     (Aucun élément nuisible détecté)

     Elément(s) de données du Registre infecté(s):
     (Aucun élément nuisible détecté)

     Dossier(s) infecté(s):
     (Aucun élément nuisible détecté)

     Fichier(s) infecté(s):
     (Aucun élément nuisible détecté)

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 20:41:38, on 08/08/2008
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\SYSTEM32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\Explorer.EXE
     C:\windows\system\hpsysdrv.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\Microsoft ActiveSync\wcescomm.exe
     C:\PROGRA~1\MI3AA1~1\rapimgr.exe
     C:\WINDOWS\system32\taskmgr.exe
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
     O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
     O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - :C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (file missing)
     O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
     O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
     O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
     O4 - HKLM\..\Run: [Winspn] C:\Program Files\Winspn\winspn.exe
     O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
     O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
     O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
     O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
     O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
     O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
     O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
     O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
     O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
     O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
     O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
     O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
     O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
     O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
     O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
     O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
     O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
     O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
     O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab
     O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
     O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
     O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
     O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
     O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe

     --
     End of file - 5581 bytes
  13. Here is the HijackThis:

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 13:58:56, on 08/08/2008
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\SYSTEM32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\system32\ctfmon.exe
     C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
     C:\windows\system\hpsysdrv.exe
     C:\Program Files\Microsoft ActiveSync\wcescomm.exe
     C:\WINDOWS\system32\wuauclt.exe
     C:\PROGRA~1\MI3AA1~1\rapimgr.exe
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
     O2 - BHO: (no name) - AutorunsDisabled - (no file)
     O2 - BHO: (no name) - {42BFABD3-B070-4053-9485-30D7E000D3D3} - (no file)
     O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
     O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - :C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (file missing)
     O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
     O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
     O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
     O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
     O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
     O4 - HKLM\..\Run: [Winspn] C:\Program Files\Winspn\winspn.exe
     O4 - HKLM\..\Run: [sideWinderTrayV4] C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
     O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
     O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
     O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
     O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
     O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
     O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
     O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
     O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
     O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
     O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
     O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
     O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
     O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
     O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
     O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
     O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
     O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
     O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
     O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
     O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab
     O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
     O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
     O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
     O20 - Winlogon Notify: AutorunsDisabled - C:\WINDOWS\
     O20 - Winlogon Notify: mlJCTLdD - mlJCTLdD.dll (file missing)
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
     O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
     O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe

     --
     End of file - 6168 bytes

     And the SmitFraudFix:

     SmitFraudFix v2.333

     Rapport fait à 13:47:02,95, 08/08/2008
     Executé à partir de C:\Documents and Settings\Propri‚taire\Bureau\SmitfraudFix
     OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
     Le type du système de fichiers est NTFS
     Fix executé en mode sans echec

     »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
     !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

     SrchSTS.exe by S!Ri
     Search SharedTaskScheduler's .dll

     »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

     »»»»»»»»»»»»»»»»»»»»»»»» hosts

     127.0.0.1 localhost

     »»»»»»»»»»»»»»»»»»»»»»»» VACFix

     VACFix
     Credits: Malware Analysis & Diagnostic Code: S!Ri

     »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

     S!Ri's WS2Fix: LSP not Found.

     »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

     GenericRenosFix by S!Ri

     »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

     C:\WINDOWS\system32\1024\ supprimé

     »»»»»»»»»»»»»»»»»»»»»»»» IEDFix

     IEDFix
     Credits: Malware Analysis & Diagnostic Code: S!Ri

     »»»»»»»»»»»»»»»»»»»»»»»» 404Fix

     404Fix
     Credits: Malware Analysis & Diagnostic Code: S!Ri

     »»»»»»»»»»»»»»»»»»»»»»»» DNS

     HKLM\SYSTEM\CS1\Services\Tcpip\..\{E6224339-183F-450A-A07E-B3E432AFC9F6}: DhcpNameServer=192.168.1.1 192.168.1.1
     HKLM\SYSTEM\CS2\Services\Tcpip\..\{E6224339-183F-450A-A07E-B3E432AFC9F6}: DhcpNameServer=192.168.1.1 192.168.1.1
     HKLM\SYSTEM\CS3\Services\Tcpip\..\{A57528DD-FE5A-4B16-BD95-118C1816BC56}: NameServer=194.117.200.10,194.117.200.15
     HKLM\SYSTEM\CS3\Services\Tcpip\..\{E6224339-183F-450A-A07E-B3E432AFC9F6}: DhcpNameServer=192.168.1.1 192.168.1.1
     HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
     HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
     HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1

     »»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

     »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
     !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
     "System"=""

     »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

     Nettoyage terminé.

     »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
     !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

     SrchSTS.exe by S!Ri
     Search SharedTaskScheduler's .dll

     »»»»»»»»»»»»»»»»»»»»»»»» Fin
  14. Here is the mbam report
Malwarebytes' Anti-Malware 1.24
Version de la base de données: 1031
Windows 5.1.2600 Service Pack 2

05:45:26 08/08/2008
mbam-log-8-8-2008 (05-45-26).txt

Type de recherche: Examen complet (C:\|D:\|I:\|K:\|)
Eléments examinés: 294274
Temps écoulé: 4 hour(s), 4 minute(s), 5 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 11
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 6

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\efcDUlkk.dll (Trojan.Vundo) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ad7a85d6-f7a3-4e8e-82d5-66ba12155e9f} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{ad7a85d6-f7a3-4e8e-82d5-66ba12155e9f} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\targetedbanner (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{978d956b-266e-dde2-f672-9dcc57092c19} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{978d956b-266e-dde2-f672-9dcc57092c19} (Adware.BHO) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Security Packages (Trojan.Vundo) -> Data: c:\windows\system32\efcdulkk -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\efcdulkk -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\efcDUlkk.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\kklUDcfe.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kklUDcfe.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Bureau\efcDdUlkk (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Propriétaire\SETUP.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
Now the smitfraudfix.exe report:
SmitFraudFix v2.333

Rapport fait à 5:51:21,78, 08/08/2008
Executé à partir de C:\Documents and Settings\Propri‚taire\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\SYSTEM32\taskmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\1024\ PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Propri‚taire

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Propri‚taire\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\PROPRI~1\Favoris

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{E6224339-183F-450A-A07E-B3E432AFC9F6}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E6224339-183F-450A-A07E-B3E432AFC9F6}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{E6224339-183F-450A-A07E-B3E432AFC9F6}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{A57528DD-FE5A-4B16-BD95-118C1816BC56}: NameServer=194.117.200.10,194.117.200.15
HKLM\SYSTEM\CS3\Services\Tcpip\..\{E6224339-183F-450A-A07E-B3E432AFC9F6}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin

And a little HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:03:10, on 08/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: (no name) - {42BFABD3-B070-4053-9485-30D7E000D3D3} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - :C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [Winspn] C:\Program Files\Winspn\winspn.exe
O4 - HKLM\..\Run: [sideWinderTrayV4] C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
O4 - HKCU\..\Run: [uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O20 - Winlogon Notify: AutorunsDisabled - C:\WINDOWS\
O20 - Winlogon Notify: mlJCTLdD - mlJCTLdD.dll (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe

--
End of file - 6652 bytes

Already, after a reboot and an Active Desktop restore, my icons and taskbar stay in place, which is a good sign.
  15. So for the hosts file, I don't know what it is or what it is for (I have only just read the definition), and in any case I never created anything like that (I'm the only user of this PC). Besides, I hardly use Yahoo, and even less some of the addresses I have just learned about.
For Spybot I ran it again without the timer (as I said, I no longer have a taskbar): 5 cookies found.
For the HijackThis scan, between yesterday's and today's, the lines
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: (no name) - {42BFABD3-B070-4053-9485-30D7E000D3D3} - (no file)
O2 - BHO: (no name) - {4C11C939-D235-4295-8978-8B83B382E527} - C:\WINDOWS\system32\efcDUlkk.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - :C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (file missing)
O2 - BHO: targetedbanner browser optimizer - {978d956b-266e-dde2-f672-9dcc57092c19} - C:\WINDOWS\system32\qrulqqekwkckar.dll (file missing)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
no longer appear. On the other hand, when the log opens I get a message that says this: "you have a particularly large amount of hijacked domains. It's probably better to delete the file itself then......"
"Do you know this thing found on your computer? Retrospect Express HD Launcher (RetroExpLauncher) - EMC Corporation" << yes, it's a utility from a MyBook.
And indeed the PC came with a Norton, which I have since removed.
I will run an mbam scan this evening.