akin13

Members · Content count: 16 · Junior Member (3/12) · Community reputation: 0
  1. I'll study that and will bump the topic if I have questions. Thanks again to you and your colleagues.
  2. Reboot done (no reports). To round things off, could you tell me which of the items that launch at startup I can safely disable? Daemon, to name just that one ... well, I don't know what it is; the friend who originally built the machine for me put it on there, but what it's for ... :$ Thanks again
  3. ComboFix uninstalled. No Qooboo in C:\. HijackThis report (OTC report in the next reply for readability)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:24:31, on 28/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Schmads Inc\G15_TeamSpeak\G15_TeamSpeak.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\Akin\Mes documents\Akin2010.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [CPU Power Monitor] "C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe"
O4 - HKLM\..\Run: [Cpu Level Up help] C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe
O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
O4 - HKLM\..\Run: [saiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Launch LgDevAgt] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0..._instmodule.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

--
End of file - 7724 bytes
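A small triage script for a HijackThis 2.0.2 log, added here as an example; it is not part of the post above and not a HijackThis feature. It parses the O2/O4/O16/O23 entries and flags what a helper reads first in such a log: a BHO with no name or no file, an O23 service with an unknown owner or a missing binary, an O16 ActiveX (DPF) download from a host outside a short allow-list, and an O4 autorun whose binary lives outside C:\WINDOWS or C:\Program Files. The sample lines are copied from the log in the post, plus one constructed O4 line so the path check has something to flag; the host allow-list and the "trusted directory" rule are this example's own assumptions, not HijackThis rules.

```python
"""Triage of HijackThis 2.0.2 log entries (added example, not from the post)."""
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlparse

# Lines copied from the HijackThis log posted above.
POSTED_LINES = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0..._instmodule.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
"""
# Constructed line (not from the post): an autorun living under a user profile.
CONSTRUCTED_LINES = r"""
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\Akin\Application Data\updater.exe
"""
SAMPLE_LOG = POSTED_LINES + CONSTRUCTED_LINES

# Assumptions of this example: where autoruns normally live, and which hosts
# an O16 ActiveX download may come from without being flagged.
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\")
TRUSTED_DPF_HOSTS = ("microsoft.com", "msn.com", "windowsupdate.com")

ENTRY_RE = re.compile(r"^(?P<kind>O\d+|R\d) - (?P<body>.*)$")
EXE_RE = re.compile(r"(.+?\.(?:exe|dll|com|scr|bat|cmd))", re.IGNORECASE)


@dataclass
class Finding:
    kind: str
    reason: str
    line: str


def parse(log: str):
    """Yield (kind, body, line) for each 'Oxx - ...' / 'Rx - ...' entry."""
    for raw in log.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            yield m["kind"], m["body"], line


def autorun_path(body: str) -> Optional[str]:
    """Extract the binary path from an O4 body, quoted or not."""
    if "] " not in body:
        return None
    rest = body.split("] ", 1)[1].strip()
    if rest.startswith('"'):
        end = rest.find('"', 1)
        return rest[1:end] if end > 0 else None
    m = EXE_RE.match(rest)  # an unquoted path may contain spaces
    return m.group(1) if m else rest.split(" ", 1)[0]


def triage(log: str) -> List[Finding]:
    """Return the entries a helper would look at first, in log order."""
    findings: List[Finding] = []
    for kind, body, line in parse(log):
        if kind == "O2" and ("(no name)" in body or body.endswith("(no file)")):
            findings.append(Finding(kind, "BHO with no name or no file", line))
        elif kind == "O4":
            path = autorun_path(body)
            if path and not path.lower().startswith(TRUSTED_DIRS):
                findings.append(Finding(kind, f"autorun outside program dirs: {path}", line))
        elif kind == "O16":
            host = urlparse(body.rsplit(" - ", 1)[-1]).hostname or ""
            if not host.endswith(TRUSTED_DPF_HOSTS):
                findings.append(Finding(kind, f"ActiveX download from {host}", line))
        elif kind == "O23":
            if "Unknown owner" in body:
                findings.append(Finding(kind, "service with unknown owner", line))
            if "(file missing)" in body:
                findings.append(Finding(kind, "service binary missing", line))
    return findings


def summarize(findings: List[Finding]) -> dict:
    """Count findings per HijackThis section (O2, O4, ...)."""
    counts: dict = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind}: {f.reason}\n    {f.line}")
```

On the posted lines this flags the nameless BHO, the Camfrog ActiveX download, and the three O23 oddities (two unknown owners, one missing file); the constructed profile-path autorun is the only O4 hit. "Unknown owner" only means the binary carries no company name in its version resource, so each hit is a prompt to look at the file, not a verdict.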
  4. It looks sorted; I ran Search and Destroy, AntiVir and a few other programs I had, everything is negative. Did ComboFix do the cleanup? Thanks in any case for your "very" quick intervention. Very happy holidays to you!! Akin
  5. MBR Rootkit detector report

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
  6. TDSSKiller report

18:42:11:625 10036 TDSSKiller 2.1.1 Dec 20 2009 02:40:02
18:42:11:625 10036 ================================================================================
18:42:11:625 10036 SystemInfo:
18:42:11:625 10036 OS Version: 5.1.2600 ServicePack: 3.0
18:42:11:625 10036 Product type: Workstation
18:42:11:625 10036 ComputerName: KIKOULOL
18:42:11:625 10036 UserName: Akin2010
18:42:11:625 10036 Windows directory: C:\WINDOWS
18:42:11:625 10036 Processor architecture: Intel x86
18:42:11:625 10036 Number of processors: 2
18:42:11:625 10036 Page size: 0x1000
18:42:11:625 10036 Boot type: Normal boot
18:42:11:625 10036 ================================================================================
18:42:11:625 10036 ForceUnloadDriver: NtUnloadDriver error 2
18:42:11:625 10036 ForceUnloadDriver: NtUnloadDriver error 2
18:42:11:625 10036 ForceUnloadDriver: NtUnloadDriver error 2
18:42:11:625 10036 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\Drivers\KLMD.sys) returned status 0
18:42:11:625 10036 main: Driver KLMD successfully dropped
18:42:11:625 10036 main: Driver KLMD successfully loaded
18:42:11:625 10036 Scanning Registry ...
18:42:11:625 10036 ScanServices: Searching service UACd.sys
18:42:11:625 10036 ScanServices: Open/Create key error 2
18:42:11:625 10036 ScanServices: Searching service TDSSserv.sys
18:42:11:625 10036 ScanServices: Open/Create key error 2
18:42:11:625 10036 ScanServices: Searching service gaopdxserv.sys
18:42:11:625 10036 ScanServices: Open/Create key error 2
18:42:11:625 10036 ScanServices: Searching service gxvxcserv.sys
18:42:11:625 10036 ScanServices: Open/Create key error 2
18:42:11:625 10036 ScanServices: Searching service MSIVXserv.sys
18:42:11:625 10036 ScanServices: Open/Create key error 2
18:42:11:625 10036 UnhookRegistry: Kernel module file name: C:\windows\system32\ntkrnlpa.exe, base addr: 804D7000
18:42:11:625 10036 UnhookRegistry: Kernel local addr: A40000
18:42:11:625 10036 UnhookRegistry: KeServiceDescriptorTable addr: AC5700
18:42:11:625 10036 UnhookRegistry: KiServiceTable addr: A6D460
18:42:11:625 10036 UnhookRegistry: NtEnumerateKey service number (local): 47
18:42:11:625 10036 UnhookRegistry: NtEnumerateKey local addr: B8CFF2
18:42:11:625 10036 KLMD_OpenDevice: Trying to open KLMD device
18:42:11:625 10036 KLMD_GetSystemRoutineAddressA: Trying to get system routine address ZwEnumerateKey
18:42:11:625 10036 KLMD_GetSystemRoutineAddressW: Trying to get system routine address ZwEnumerateKey
18:42:11:625 10036 KLMD_ReadMem: Trying to ReadMemory 0x805002C9[0x4]
18:42:11:625 10036 UnhookRegistry: NtEnumerateKey service number (kernel): 47
18:42:11:625 10036 KLMD_ReadMem: Trying to ReadMemory 0x8050457C[0x4]
18:42:11:625 10036 UnhookRegistry: NtEnumerateKey real addr: 80623FF2
18:42:11:625 10036 UnhookRegistry: NtEnumerateKey calc addr: 80623FF2
18:42:11:625 10036 UnhookRegistry: No SDT hooks found on NtEnumerateKey
18:42:11:625 10036 KLMD_ReadMem: Trying to ReadMemory 0x80623FF2[0xA]
18:42:11:625 10036 UnhookRegistry: No splicing found on NtEnumerateKey
18:42:11:640 10036 Scanning Kernel memory ...
18:42:11:640 10036 KLMD_OpenDevice: Trying to open KLMD device
18:42:11:640 10036 KLMD_GetSystemObjectAddressByNameA: Trying to get system object address by name \Driver\Disk
18:42:11:640 10036 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk
18:42:11:640 10036 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 8A5E6940
18:42:11:640 10036 DetectCureTDL3: KLMD_GetDeviceObjectList returned 5 DevObjects
18:42:11:640 10036 DetectCureTDL3: 0 Curr stack PDEVICE_OBJECT: 8A5ECC68
18:42:11:640 10036 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A5ECC68
18:42:11:640 10036 KLMD_ReadMem: Trying to ReadMemory 0x8A5ECC68[0x38]
18:42:11:640 10036 DetectCureTDL3: DRIVER_OBJECT addr: 8A5E6940
18:42:11:640 10036 KLMD_ReadMem: Trying to ReadMemory 0x8A5E6940[0xA8]
18:42:11:640 10036 KLMD_ReadMem: Trying to ReadMemory 0xE1003438[0x208]
18:42:11:640 10036 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
18:42:11:640 10036 DetectCureTDL3: IrpHandler (0) addr: BA0EEBB0
18:42:11:640 10036 DetectCureTDL3: IrpHandler (1) addr: 804F4562
18:42:11:640 10036 DetectCureTDL3: IrpHandler (2) addr: BA0EEBB0
18:42:11:640 10036 DetectCureTDL3: IrpHandler (3) addr: BA0E8D1F
18:42:11:640 10036 DetectCureTDL3: IrpHandler (4) addr: BA0E8D1F
18:42:11:640 10036 DetectCureTDL3: IrpHandler (5) addr: 804F4562
18:42:11:640 10036 DetectCureTDL3: IrpHandler (6) addr: 804F4562
18:42:11:640 10036 DetectCureTDL3: IrpHandler (7) addr: 804F4562
18:42:11:640 10036 DetectCureTDL3: IrpHandler (8) addr: 804F4562
18:42:11:640 10036 DetectCureTDL3: IrpHandler (9) addr: BA0E92E2
18:42:11:640 10036 DetectCureTDL3: IrpHandler (10) addr: 804F4562
18:42:11:640 10036 DetectCureTDL3: IrpHandler (11) addr: 804F4562
18:42:11:640 10036 DetectCureTDL3: IrpHandler (12) addr: 804F4562
18:42:11:640 10036 DetectCureTDL3: IrpHandler (13) addr: 804F4562
18:42:11:640 10036 DetectCureTDL3: IrpHandler (14) addr: BA0E93BB
18:42:11:640 10036 DetectCureTDL3: IrpHandler (15) addr: BA0ECF28
18:42:11:640 10036 DetectCureTDL3: IrpHandler (16) addr: BA0E92E2
18:42:11:640 10036 DetectCureTDL3: IrpHandler (17) addr: 804F4562
18:42:11:640 10036 DetectCureTDL3: IrpHandler (18) addr: 804F4562
18:42:11:640 10036 DetectCureTDL3: IrpHandler (19) addr: 804F4562
18:42:11:640 10036 DetectCureTDL3: IrpHandler (20) addr: 804F4562
18:42:11:640 10036 DetectCureTDL3: IrpHandler (21) addr: 804F4562
18:42:11:640 10036 DetectCureTDL3: IrpHandler (22) addr: BA0EAC82
18:42:11:640 10036 DetectCureTDL3: IrpHandler (23) addr: BA0EF99E
18:42:11:640 10036 DetectCureTDL3: IrpHandler (24) addr: 804F4562
18:42:11:640 10036 DetectCureTDL3: IrpHandler (25) addr: 804F4562
18:42:11:640 10036 DetectCureTDL3: IrpHandler (26) addr: 804F4562
18:42:11:640 10036 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
18:42:11:640 10036 KLMD_ReadMem: DeviceIoControl error 1
18:42:11:640 10036 TDL3_StartIoHookDetect: Unable to get StartIo handler code
18:42:11:640 10036 TDL3_FileDetect: Processing driver: Disk
18:42:11:640 10036 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\disk.tsk, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\disk.tsk
18:42:11:640 10036 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
18:42:11:640 10036 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
18:42:11:640 10036 DetectCureTDL3: 1 Curr stack PDEVICE_OBJECT: 8A647C68
18:42:11:640 10036 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A647C68
18:42:11:640 10036 KLMD_ReadMem: Trying to ReadMemory 0x8A647C68[0x38]
18:42:11:640 10036 DetectCureTDL3: DRIVER_OBJECT addr: 8A5E6940
18:42:11:640 10036 KLMD_ReadMem: Trying to ReadMemory 0x8A5E6940[0xA8]
18:42:11:640 10036 KLMD_ReadMem: Trying to ReadMemory 0xE1003438[0x208]
18:42:11:640 10036 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
18:42:11:640 10036 DetectCureTDL3: IrpHandler (0) addr: BA0EEBB0
18:42:11:640 10036 DetectCureTDL3: IrpHandler (1) addr: 804F4562
18:42:11:640 10036 DetectCureTDL3: IrpHandler (2) addr: BA0EEBB0
18:42:11:640 10036 DetectCureTDL3: IrpHandler (3) addr: BA0E8D1F
18:42:11:640 10036 DetectCureTDL3: IrpHandler (4) addr: BA0E8D1F
18:42:11:640 10036 DetectCureTDL3: IrpHandler (5) addr: 804F4562
18:42:11:640 10036 DetectCureTDL3: IrpHandler (6) addr: 804F4562
18:42:11:640 10036 DetectCureTDL3: IrpHandler (7) addr: 804F4562
18:42:11:640 10036 DetectCureTDL3: IrpHandler (8) addr: 804F4562
18:42:11:640 10036 DetectCureTDL3: IrpHandler (9) addr: BA0E92E2
18:42:11:640 10036 DetectCureTDL3: IrpHandler (10) addr: 804F4562
18:42:11:640 10036 DetectCureTDL3: IrpHandler (11) addr: 804F4562
18:42:11:640 10036 DetectCureTDL3: IrpHandler (12) addr: 804F4562
18:42:11:640 10036 DetectCureTDL3: IrpHandler (13) addr: 804F4562
18:42:11:640 10036 DetectCureTDL3: IrpHandler (14) addr: BA0E93BB
18:42:11:640 10036 DetectCureTDL3: IrpHandler (15) addr: BA0ECF28
18:42:11:640 10036 DetectCureTDL3: IrpHandler (16) addr: BA0E92E2
18:42:11:640 10036 DetectCureTDL3: IrpHandler (17) addr: 804F4562
18:42:11:640 10036 DetectCureTDL3: IrpHandler (18) addr: 804F4562
18:42:11:640 10036 DetectCureTDL3: IrpHandler (19) addr: 804F4562
18:42:11:640 10036 DetectCureTDL3: IrpHandler (20) addr: 804F4562
18:42:11:640 10036 DetectCureTDL3: IrpHandler (21) addr: 804F4562
18:42:11:640 10036 DetectCureTDL3: IrpHandler (22) addr: BA0EAC82
18:42:11:640 10036 DetectCureTDL3: IrpHandler (23) addr: BA0EF99E
18:42:11:640 10036 DetectCureTDL3: IrpHandler (24) addr: 804F4562
18:42:11:640 10036 DetectCureTDL3: IrpHandler (25) addr: 804F4562
18:42:11:640 10036 DetectCureTDL3: IrpHandler (26) addr: 804F4562
18:42:11:640 10036 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
18:42:11:640 10036 KLMD_ReadMem: DeviceIoControl error 1
18:42:11:640 10036 TDL3_StartIoHookDetect: Unable to get StartIo handler code
18:42:11:640 10036 TDL3_FileDetect: Processing driver: Disk
18:42:11:640 10036 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\disk.tsk, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\disk.tsk
18:42:11:640 10036 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
18:42:11:640 10036 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
18:42:11:640 10036 DetectCureTDL3: 2 Curr stack PDEVICE_OBJECT: 8A5E39F0
18:42:11:640 10036 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A5E39F0
18:42:11:640 10036 KLMD_ReadMem: Trying to ReadMemory 0x8A5E39F0[0x38]
18:42:11:640 10036 DetectCureTDL3: DRIVER_OBJECT addr: 8A5E6940
18:42:11:640 10036 KLMD_ReadMem: Trying to ReadMemory 0x8A5E6940[0xA8]
18:42:11:640 10036 KLMD_ReadMem: Trying to ReadMemory 0xE1003438[0x208]
18:42:11:640 10036 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
18:42:11:640 10036 DetectCureTDL3: IrpHandler (0) addr: BA0EEBB0
18:42:11:640 10036 DetectCureTDL3: IrpHandler (1) addr: 804F4562
18:42:11:640 10036 DetectCureTDL3: IrpHandler (2) addr: BA0EEBB0
18:42:11:640 10036 DetectCureTDL3: IrpHandler (3) addr: BA0E8D1F
18:42:11:640 10036 DetectCureTDL3: IrpHandler (4) addr: BA0E8D1F
18:42:11:640 10036 DetectCureTDL3: IrpHandler (5) addr: 804F4562
18:42:11:640 10036 DetectCureTDL3: IrpHandler (6) addr: 804F4562
18:42:11:640 10036 DetectCureTDL3: IrpHandler (7) addr: 804F4562
18:42:11:640 10036 DetectCureTDL3: IrpHandler (8) addr: 804F4562
18:42:11:640 10036 DetectCureTDL3: IrpHandler (9) addr: BA0E92E2
18:42:11:640 10036 DetectCureTDL3: IrpHandler (10) addr: 804F4562
18:42:11:640 10036 DetectCureTDL3: IrpHandler (11) addr: 804F4562
18:42:11:640 10036 DetectCureTDL3: IrpHandler (12) addr: 804F4562
18:42:11:640 10036 DetectCureTDL3: IrpHandler (13) addr: 804F4562
18:42:11:640 10036 DetectCureTDL3: IrpHandler (14) addr: BA0E93BB
18:42:11:640 10036 DetectCureTDL3: IrpHandler (15) addr: BA0ECF28
18:42:11:640 10036 DetectCureTDL3: IrpHandler (16) addr: BA0E92E2
18:42:11:640 10036 DetectCureTDL3: IrpHandler (17) addr: 804F4562
18:42:11:640 10036 DetectCureTDL3: IrpHandler (18) addr: 804F4562
18:42:11:640 10036 DetectCureTDL3: IrpHandler (19) addr: 804F4562
18:42:11:640 10036 DetectCureTDL3: IrpHandler (20) addr: 804F4562
18:42:11:640 10036 DetectCureTDL3: IrpHandler (21) addr: 804F4562
18:42:11:640 10036 DetectCureTDL3: IrpHandler (22) addr: BA0EAC82
18:42:11:640 10036 DetectCureTDL3: IrpHandler (23) addr: BA0EF99E
18:42:11:640 10036 DetectCureTDL3: IrpHandler (24) addr: 804F4562
18:42:11:640 10036 DetectCureTDL3: IrpHandler (25) addr: 804F4562
18:42:11:640 10036 DetectCureTDL3: IrpHandler (26) addr: 804F4562
18:42:11:640 10036 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
18:42:11:640 10036 KLMD_ReadMem: DeviceIoControl error 1
18:42:11:640 10036 TDL3_StartIoHookDetect: Unable to get StartIo handler code
18:42:11:640 10036 TDL3_FileDetect: Processing driver: Disk
18:42:11:640 10036 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\disk.tsk, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\disk.tsk
18:42:11:640 10036 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
18:42:11:640 10036 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
18:42:11:640 10036 DetectCureTDL3: 3 Curr stack PDEVICE_OBJECT: 8A649AB8
18:42:11:640 10036 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A649AB8
18:42:11:640 10036 DetectCureTDL3: 3 Curr stack PDEVICE_OBJECT: 8A6509E8
18:42:11:640 10036 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A6509E8
18:42:11:640 10036 DetectCureTDL3: 3 Curr stack PDEVICE_OBJECT: 8A662D98
18:42:11:640 10036 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A662D98
18:42:11:640 10036 KLMD_ReadMem: Trying to ReadMemory 0x8A662D98[0x38]
18:42:11:640 10036 DetectCureTDL3: DRIVER_OBJECT addr: 8A65BF38
18:42:11:640 10036 KLMD_ReadMem: Trying to ReadMemory 0x8A65BF38[0xA8]
18:42:11:640 10036 KLMD_ReadMem: Trying to ReadMemory 0xE176B840[0x208]
18:42:11:640 10036 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
18:42:11:640 10036 DetectCureTDL3: IrpHandler (0) addr: 8A5E2EA0
18:42:11:640 10036 DetectCureTDL3: IrpHandler (1) addr: 8A5E2EA0
18:42:11:640 10036 DetectCureTDL3: IrpHandler (2) addr: 8A5E2EA0
18:42:11:640 10036 DetectCureTDL3: IrpHandler (3) addr: 8A5E2EA0
18:42:11:640 10036 DetectCureTDL3: IrpHandler (4) addr: 8A5E2EA0
18:42:11:640 10036 DetectCureTDL3: IrpHandler (5) addr: 8A5E2EA0
18:42:11:640 10036 DetectCureTDL3: IrpHandler (6) addr: 8A5E2EA0
18:42:11:640 10036 DetectCureTDL3: IrpHandler (7) addr: 8A5E2EA0
18:42:11:640 10036 DetectCureTDL3: IrpHandler (8) addr: 8A5E2EA0
18:42:11:640 10036 DetectCureTDL3: IrpHandler (9) addr: 8A5E2EA0
18:42:11:640 10036 DetectCureTDL3: IrpHandler (10) addr: 8A5E2EA0
18:42:11:640 10036 DetectCureTDL3: IrpHandler (11) addr: 8A5E2EA0
18:42:11:640 10036 DetectCureTDL3: IrpHandler (12) addr: 8A5E2EA0
18:42:11:640 10036 DetectCureTDL3: IrpHandler (13) addr: 8A5E2EA0
18:42:11:640 10036 DetectCureTDL3: IrpHandler (14) addr: 8A5E2EA0
18:42:11:640 10036 DetectCureTDL3: IrpHandler (15) addr: 8A5E2EA0
18:42:11:640 10036 DetectCureTDL3: IrpHandler (16) addr: 8A5E2EA0
18:42:11:640 10036 DetectCureTDL3: IrpHandler (17) addr: 8A5E2EA0
18:42:11:640 10036 DetectCureTDL3: IrpHandler (18) addr: 8A5E2EA0
18:42:11:640 10036 DetectCureTDL3: IrpHandler (19) addr: 8A5E2EA0
18:42:11:640 10036 DetectCureTDL3: IrpHandler (20) addr: 8A5E2EA0
18:42:11:640 10036 DetectCureTDL3: IrpHandler (21) addr: 8A5E2EA0
18:42:11:640 10036 DetectCureTDL3: IrpHandler (22) addr: 8A5E2EA0
18:42:11:640 10036 DetectCureTDL3: IrpHandler (23) addr: 8A5E2EA0
18:42:11:640 10036 DetectCureTDL3: IrpHandler (24) addr: 8A5E2EA0
18:42:11:640 10036 DetectCureTDL3: IrpHandler (25) addr: 8A5E2EA0
18:42:11:640 10036 DetectCureTDL3: IrpHandler (26) addr: 8A5E2EA0
18:42:11:640 10036 DetectCureTDL3: All IRP handlers pointed to one addr: 8A5E2EA0
18:42:11:640 10036 KLMD_ReadMem: Trying to ReadMemory 0x8A5E2EA0[0x400]
18:42:11:640 10036 TDL3_IrpHookDetect: CheckParameters: 0, 0, 0, 0, 0, 0
18:42:11:640 10036 KLMD_ReadMem: Trying to ReadMemory 0xB9F11864[0x400]
18:42:11:640 10036 TDL3_StartIoHookDetect: CheckParameters: 0, 0, 316, 0
18:42:11:640 10036 TDL3_FileDetect: Processing driver: atapi
18:42:11:640 10036 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\atapi.sys, C:\WINDOWS\system32\Drivers\atapi.tsk, SYSTEM\CurrentControlSet\Services\atapi, system32\Drivers\atapi.tsk
18:42:11:640 10036 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\atapi.sys
18:42:11:640 10036 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\atapi.sys
18:42:11:671 10036 DetectCureTDL3: 4 Curr stack PDEVICE_OBJECT: 8A5E5AB8
18:42:11:671 10036 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A5E5AB8
18:42:11:671 10036 DetectCureTDL3: 4 Curr stack PDEVICE_OBJECT: 8A5ED9E8
18:42:11:671 10036 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A5ED9E8
18:42:11:671 10036 DetectCureTDL3: 4 Curr stack PDEVICE_OBJECT: 8A651D98
18:42:11:671 10036 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A651D98
18:42:11:671 10036 KLMD_ReadMem: Trying to ReadMemory 0x8A651D98[0x38]
18:42:11:671 10036 DetectCureTDL3: DRIVER_OBJECT addr: 8A65BF38
18:42:11:671 10036 KLMD_ReadMem: Trying to ReadMemory 0x8A65BF38[0xA8]
18:42:11:671 10036 KLMD_ReadMem: Trying to ReadMemory 0xE176B840[0x208]
18:42:11:671 10036 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
18:42:11:671 10036 DetectCureTDL3: IrpHandler (0) addr: 8A5E2EA0
18:42:11:671 10036 DetectCureTDL3: IrpHandler (1) addr: 8A5E2EA0
18:42:11:671 10036 DetectCureTDL3: IrpHandler (2) addr: 8A5E2EA0
18:42:11:671 10036 DetectCureTDL3: IrpHandler (3) addr: 8A5E2EA0
18:42:11:671 10036 DetectCureTDL3: IrpHandler (4) addr: 8A5E2EA0
18:42:11:671 10036 DetectCureTDL3: IrpHandler (5) addr: 8A5E2EA0
18:42:11:671 10036 DetectCureTDL3: IrpHandler (6) addr: 8A5E2EA0
18:42:11:671 10036 DetectCureTDL3: IrpHandler (7) addr: 8A5E2EA0
18:42:11:671 10036 DetectCureTDL3: IrpHandler (8) addr: 8A5E2EA0
18:42:11:671 10036 DetectCureTDL3: IrpHandler (9) addr: 8A5E2EA0
18:42:11:671 10036 DetectCureTDL3: IrpHandler (10) addr: 8A5E2EA0
18:42:11:671 10036 DetectCureTDL3: IrpHandler (11) addr: 8A5E2EA0
18:42:11:671 10036 DetectCureTDL3: IrpHandler (12) addr: 8A5E2EA0
18:42:11:671 10036 DetectCureTDL3: IrpHandler (13) addr: 8A5E2EA0
18:42:11:671 10036 DetectCureTDL3: IrpHandler (14) addr: 8A5E2EA0
18:42:11:671 10036 DetectCureTDL3: IrpHandler (15) addr: 8A5E2EA0
18:42:11:671 10036 DetectCureTDL3: IrpHandler (16) addr: 8A5E2EA0
18:42:11:671 10036 DetectCureTDL3: IrpHandler (17) addr: 8A5E2EA0
18:42:11:671 10036 DetectCureTDL3: IrpHandler (18) addr: 8A5E2EA0
18:42:11:671 10036 DetectCureTDL3: IrpHandler (19) addr: 8A5E2EA0
18:42:11:671 10036 DetectCureTDL3: IrpHandler (20) addr: 8A5E2EA0
18:42:11:671 10036 DetectCureTDL3: IrpHandler (21) addr: 8A5E2EA0
18:42:11:671 10036 DetectCureTDL3: IrpHandler (22) addr: 8A5E2EA0
18:42:11:671 10036 DetectCureTDL3: IrpHandler (23) addr: 8A5E2EA0
18:42:11:671 10036 DetectCureTDL3: IrpHandler (24) addr: 8A5E2EA0
18:42:11:671 10036 DetectCureTDL3: IrpHandler (25) addr: 8A5E2EA0
18:42:11:671 10036 DetectCureTDL3: IrpHandler (26) addr: 8A5E2EA0
18:42:11:671 10036 DetectCureTDL3: All IRP handlers pointed to one addr: 8A5E2EA0
18:42:11:671 10036 KLMD_ReadMem: Trying to ReadMemory 0x8A5E2EA0[0x400]
18:42:11:671 10036 TDL3_IrpHookDetect: CheckParameters: 0, 0, 0, 0, 0, 0
18:42:11:671 10036 KLMD_ReadMem: Trying to ReadMemory 0xB9F11864[0x400]
18:42:11:671 10036 TDL3_StartIoHookDetect: CheckParameters: 0, 0, 316, 0
18:42:11:671 10036 TDL3_FileDetect: Processing driver: atapi
18:42:11:671 10036 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\atapi.sys, C:\WINDOWS\system32\Drivers\atapi.tsk, SYSTEM\CurrentControlSet\Services\atapi, system32\Drivers\atapi.tsk
18:42:11:671 10036 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\atapi.sys
18:42:11:671 10036 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\atapi.sys
18:42:11:671 10036 Completed Results:
18:42:11:671 10036 Infected objects in memory: 0
18:42:11:671 10036 Cured objects in memory: 0
18:42:11:671 10036 Infected objects on disk: 0
18:42:11:671 10036 Objects on disk cured on reboot: 0
18:42:11:671 10036 Objects on disk deleted on reboot: 0
18:42:11:671 10036 Registry nodes deleted on reboot: 0

I'm rebooting as asked in your last message.
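A parser for the TDSSKiller 2.1 log above, added here as an example; it is not part of the post and not TDSSKiller's own code. The scanner prints, for each driver object it walks, the address of all 27 IRP dispatch handlers and notes when every one of them points to the same address; it also probes a short list of known rootkit service names and checks the SDT entry of NtEnumerateKey. This script pulls those facts into one structure so that two runs of the tool (before and after a cleanup) can be diffed, and cross-checks its own "all handlers identical" computation against the line the scanner prints. It does not decide whether the machine is infected; that remains the scanner's "Completed Results" block. The sample is an abbreviated subset of the posted log (Disk cut to four handlers, atapi to three); the addresses are the ones the log shows, and the reading of "Open/Create key error 2" as "service key absent" rests on Win32 error 2 being ERROR_FILE_NOT_FOUND.

```python
"""Summarise a TDSSKiller 2.1 log (added example, not from the post or the tool)."""
import json
import re
from typing import Optional

# Abbreviated sample built from lines of the log posted above.
SAMPLE_LOG = r"""
18:42:11:625 10036 TDSSKiller 2.1.1 Dec 20 2009 02:40:02
18:42:11:625 10036 ScanServices: Searching service UACd.sys
18:42:11:625 10036 ScanServices: Open/Create key error 2
18:42:11:625 10036 ScanServices: Searching service TDSSserv.sys
18:42:11:625 10036 ScanServices: Open/Create key error 2
18:42:11:625 10036 UnhookRegistry: No SDT hooks found on NtEnumerateKey
18:42:11:625 10036 UnhookRegistry: No splicing found on NtEnumerateKey
18:42:11:640 10036 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
18:42:11:640 10036 DetectCureTDL3: IrpHandler (0) addr: BA0EEBB0
18:42:11:640 10036 DetectCureTDL3: IrpHandler (1) addr: 804F4562
18:42:11:640 10036 DetectCureTDL3: IrpHandler (2) addr: BA0EEBB0
18:42:11:640 10036 DetectCureTDL3: IrpHandler (3) addr: BA0E8D1F
18:42:11:640 10036 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
18:42:11:640 10036 DetectCureTDL3: IrpHandler (0) addr: 8A5E2EA0
18:42:11:640 10036 DetectCureTDL3: IrpHandler (1) addr: 8A5E2EA0
18:42:11:640 10036 DetectCureTDL3: IrpHandler (2) addr: 8A5E2EA0
18:42:11:640 10036 DetectCureTDL3: All IRP handlers pointed to one addr: 8A5E2EA0
18:42:11:671 10036 Completed Results:
18:42:11:671 10036 Infected objects in memory: 0
18:42:11:671 10036 Cured objects in memory: 0
18:42:11:671 10036 Infected objects on disk: 0
"""

LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}:\d{3})\s+(?P<pid>\d+)\s+(?P<msg>.*)$")
DRIVER_RE = re.compile(r"DRIVER_OBJECT name: (?P<obj>\S+), Driver Name: (?P<name>\S+)")
IRP_RE = re.compile(r"IrpHandler \((?P<idx>\d+)\) addr: (?P<addr>[0-9A-Fa-f]+)")
SINGLE_RE = re.compile(r"All IRP handlers pointed to one addr: (?P<addr>[0-9A-Fa-f]+)")
SERVICE_RE = re.compile(r"ScanServices: Searching service (?P<svc>\S+)")
KEY_ERR_RE = re.compile(r"ScanServices: Open/Create key error (?P<code>\d+)")
NO_SDT_HOOK_RE = re.compile(r"UnhookRegistry: No SDT hooks found on (?P<fn>\w+)")
RESULT_RE = re.compile(r"^(?P<key>[A-Z][A-Za-z ]+): (?P<n>\d+)$")


def summarize(log: str) -> dict:
    """Extract service probes, SDT verdicts, per-driver IRP tables and final counters."""
    out: dict = {"services_checked": {}, "sdt_hooks": {}, "drivers": {}, "results": {}}
    current: Optional[str] = None       # driver whose IrpHandler lines we are reading
    pending_svc: Optional[str] = None   # service name awaiting its key-open result
    in_results = False
    for raw in log.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m["msg"]
        if in_results:
            r = RESULT_RE.match(msg)
            if r:
                out["results"][r["key"]] = int(r["n"])
            continue
        if msg.startswith("Completed Results"):
            in_results = True
        elif (s := SERVICE_RE.search(msg)):
            pending_svc = s["svc"]
        elif (k := KEY_ERR_RE.search(msg)) and pending_svc:
            # Win32 error 2 is ERROR_FILE_NOT_FOUND: the service key does not exist.
            out["services_checked"][pending_svc] = "absent" if k["code"] == "2" else f"error {k['code']}"
            pending_svc = None
        elif (h := NO_SDT_HOOK_RE.search(msg)):
            out["sdt_hooks"][h["fn"]] = False
        elif (d := DRIVER_RE.search(msg)):
            current = d["name"]
            out["drivers"].setdefault(current, {"handlers": {}, "scanner_reported_single": None})
        elif current and (i := IRP_RE.search(msg)):
            out["drivers"][current]["handlers"][int(i["idx"])] = i["addr"].upper()
        elif current and (a := SINGLE_RE.search(msg)):
            out["drivers"][current]["scanner_reported_single"] = a["addr"].upper()
    # Recompute the scanner's uniformity check from the raw handler table.
    for info in out["drivers"].values():
        addrs = set(info["handlers"].values())
        info["distinct_handlers"] = len(addrs)
        info["all_same"] = len(addrs) == 1
        info["single_addr"] = next(iter(addrs)) if len(addrs) == 1 else None
    return out


if __name__ == "__main__":
    print(json.dumps(summarize(SAMPLE_LOG), indent=2))
```

On the full log the Disk block appears three times (once per device object on the stack) and the atapi block twice; keying by driver name folds the repeats into one handler table, which is what you want when diffing two runs.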
  7. After a merciless fight (and a please-less one too) I got there ...

ComboFix report

ComboFix 09-12-26.05 - Akin2010 27/12/2009 18:26:05.1.2 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.2047.1683 [GMT 1:00]
Launched from: c:\documents and settings\Akin2010\Bureau\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\drivers\H8SRTvtlonlkiqu.sys
c:\windows\system32\H8SRTjdbqlxfelt.dat
c:\windows\system32\H8SRTjgnpxbivkf.dll
c:\windows\system32\H8SRTwbimovcxxk.dll
c:\windows\system32\krl32mainweq.dll
c:\windows\system32\srcr.dat
.
((((((((((((((((((((((((((((( Files created from 2009-11-27 to 2009-12-27 ))))))))))))))))))))))))))))))))))))
.
2009-12-27 16:06 . 2009-12-27 16:06 -------- d-sh--w- c:\documents and settings\Akin2010\IECompatCache
2009-12-27 16:00 . 2009-12-27 16:00 -------- d-----w- c:\documents and settings\Akin2010\Application Data\TeamViewer
2009-12-27 16:00 . 2009-12-27 16:00 -------- d-----w- c:\documents and settings\Akin2010\temp
2009-12-27 15:20 . 2009-12-27 15:23 -------- d-----w- C:\rsit
2009-12-27 14:51 . 2009-12-27 14:51 -------- d-----w- c:\documents and settings\Akin2010\Local Settings\Application Data\Mozilla
2009-12-27 14:30 . 2009-12-27 14:30 29672 ----a-w- c:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-27 14:29 . 2009-12-27 14:29 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Mozilla
2009-12-27 07:02 . 2009-12-27 07:02 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-12-04 09:03 . 2009-12-04 09:03 251376 ----a-w- c:\documents and settings\Akin\Application Data\Mozilla\plugins\npgoogletalk.dll
.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-27 16:40 . 2009-01-11 18:53 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-27 16:30 . 2009-01-11 18:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-27 15:42 . 2009-12-27 14:50 -------- d-----w- c:\documents and settings\Akin2010\Application Data\Skype
2009-12-27 14:50 . 2009-12-27 14:50 -------- d-----w- c:\documents and settings\Akin2010\Application Data\Camfrog
2009-12-27 14:50 . 2009-12-27 14:50 29672 ----a-w- c:\documents and settings\Akin2010\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-27 14:50 . 2009-12-27 14:50 -------- d-----w- c:\documents and settings\Akin2010\Application Data\ATI
2009-12-22 08:08 . 2002-08-30 12:00 72968 ----a-w- c:\windows\system32\perfc00C.dat
2009-12-22 08:08 . 2002-08-30 12:00 464480 ----a-w- c:\windows\system32\perfh00C.dat
2009-12-21 21:21 . 2009-02-02 19:30 -------- d-----w- c:\program files\Windows Live Safety Center
2009-12-10 15:18 . 2009-04-30 12:35 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-08 08:34 . 2009-01-18 15:54 -------- d-----w- c:\documents and settings\Akin\Application Data\Camfrog
2009-12-01 08:57 . 2009-10-19 08:55 -------- d-----w- c:\program files\Reference Manager 11
2009-11-26 19:09 . 2009-05-10 13:20 -------- d-----w- c:\documents and settings\Akin\Application Data\dvdcss
2009-11-19 19:44 . 2009-11-19 19:39 -------- d-----w- c:\program files\JDownloader
2009-11-13 14:26 . 2009-05-31 13:42 -------- d-----w- c:\program files\Ê¢´óÍøÂç
2009-11-02 15:27 . 2009-01-11 19:23 -------- d-----w- c:\documents and settings\Akin\Application Data\teamspeak2
2009-10-29 07:42 . 2008-04-13 17:33 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:39 . 2008-04-13 17:33 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:39 . 2008-04-13 17:33 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2008-04-13 09:53 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:33 . 2008-04-13 17:33 271360 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:39 . 2008-04-13 17:33 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:39 . 2008-04-13 17:33 150528 ----a-w- c:\windows\system32\rastls.dll
2009-10-04 16:15 . 2009-01-11 17:40 29672 ----a-w- c:\documents and settings\Akin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2008-10-27 08:37 . 2008-10-27 08:37 699488 -c--a-w- c:\program files\JUN2007_d3dx10_34_x86.cab
2008-10-27 08:36 . 2008-10-27 08:36 526160 -c--a-w- c:\program files\DXSETUP.exe
.
((((((((((((((((((((((((((((((((( Registry load points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"Ai Nap"="c:\program files\ASUS\Ai Suite\AiNap\AiNap.exe" [2007-09-06 1426432]
"CPU Power Monitor"="c:\program files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe" [2007-10-16 626176]
"Cpu Level Up help"="c:\program files\ASUS\Ai Suite\CpuLevelUpHelp.exe" [2007-09-11 880640]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
"ProfilerU"="c:\program files\Saitek\SD6\Software\ProfilerU.exe" [2007-10-02 233472]
"SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2007-10-02 131072]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"Launch LgDevAgt"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2008-11-06 358920]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2008-11-06 2816520]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2008-11-06 1548296]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 02:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
2009-05-07 19:05 75048 ----a-w- c:\program files\CyberLink\Shared files\brs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camfrog]
2009-06-16 07:20 41800 ----a-w- c:\program files\Camfrog\Camfrog Video Chat\CamfrogNET.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-13 17:34 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CurseClient]
2009-07-24 16:46 1935360 ----a-w- c:\program files\Curse\CurseClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-11-17 22:23 135664 ----atw- c:\documents and settings\Akin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2008-12-20 06:50 2656528 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD9LanguageShortcut]
2009-04-27 15:50 50472 ------w- c:\program files\CyberLink\PowerDVD9\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl9]
2009-04-27 18:41 87336 ------w- c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-03-11 11:00 24095528 ----a-r- c:\program
files\Skype\Phone\Skype.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Camfrog\\Camfrog Video Chat\\Camfrog Video Chat.exe"= "c:\\Program Files\\adslTV\\adsltv.exe"= "g:\\World of Warcraft sur Lioetlinou\\Launcher.exe"= "g:\\World of Warcraft Public Test\\Launcher.exe"= "g:\\World of Warcraft sur Lioetlinou\\BackgroundDownloader.exe"= "c:\\Program Files\\Curse\\CurseClient.exe"= "g:\\World of Warcraft sur Lioetlinou\\WoW-3.1.3.9947-to-3.2.0.10192-frFR-downloader.exe"= "g:\\World of Warcraft sur Lioetlinou\\WoW-3.2.0.10192-to-3.2.0.10314-frFR-downloader.exe"= "c:\\Program Files\\eMule\\emule.exe"= "g:\\World of Warcraft sur Lioetlinou\\WoW-3.2.0.10314-to-3.2.2.10482-frFR-downloader.exe"= "g:\\World of Warcraft sur Lioetlinou\\WoW-3.2.2.10482-to-3.2.2.10505-frFR-downloader.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "g:\\World of Warcraft Public Test\\WoW-0.3.0.10522-frFR-ptr-downloader.exe"= "g:\\World of Warcraft Public Test\\WoW-0.3.0.10522-to-0.3.0.10554-frFR-ptr-downloader.exe"= "g:\\World of Warcraft Public Test\\WoW-0.3.0.10554-to-0.3.0.10571-frFR-ptr-downloader.exe"= "g:\\World of Warcraft Public Test\\WoW-0.3.0.10571-to-0.3.0.10596-frFR-ptr-downloader.exe"= "c:\\Documents and Settings\\Akin\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"= "c:\\Documents and Settings\\Akin\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"= "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"= "c:\\Documents and Settings\\Akin2010\\temp\\TeamViewer\\Version5\\TeamViewer.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724 R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [11/01/2009 
19:38 155136] R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [11/01/2009 19:38 5248] R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/09/09 18:42];c:\program files\CyberLink\PowerDVD9\000.fcl [07/05/2009 20:05 87536] S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?] S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [15/11/2008 19:47 476416] S3 SaiH80C1;SaiH80C1;c:\windows\system32\drivers\SaiH80C1.sys [05/10/2007 09:19 136320] . ------- Examen supplémentaire ------- . DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - hxxp://activex.camfrogweb.com/advanced/2.0.2.20/cfweb_activex.camfrogweb.com-advanced-2.0.2.20_instmodule.exe FF - ProfilePath - c:\documents and settings\Akin2010\Application Data\Mozilla\Firefox\Profiles\qqqrrzle.default\ FF - prefs.js: browser.search.selectedEngine - xeoo.com FF - prefs.js: browser.startup.homepage - gmail.com FF - prefs.js: keyword.URL - hxxp://xeoo.com/?p=url&a=firefox&k= FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- PARAMETRES FIREFOX ---- c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("pref.browser.homepage.disable_button.bookmark_page", false); c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("pref.browser.homepage.disable_button.current_page", false); c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("pref.browser.homepage.disable_button.restore_default", false); c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.places.importBookmarksHTML", true); 
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.places.importDefaults", false); c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.search.selectedEngine", "xeoo.com"); c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("keyword.URL", "http://xeoo.com/?p=url&a=firefox&k="); c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.startup.homepage", "http://www.xeoo.com/?p=h&a=firefox"); . - - - - ORPHELINS SUPPRIMES - - - - MSConfigStartUp-avgnt - c:\program files\Avira\AntiVir Desktop\avgnt.exe MSConfigStartUp-Malware Defense - c:\program files\Malware Defense\mdefense.exe MSConfigStartUp-richtx64 - c:\docume~1\Akin\LOCALS~1\Temp\richtx64.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-12-27 18:31 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... 
Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A5E2EA0]<< kernel: MBR read successfully detected MBR rootkit hooks: \Driver\Disk -> CLASSPNP.SYS @ 0xba0ecf28 \Driver\ACPI -> ACPI.sys @ 0xb9f58cb8 \Driver\atapi -> 0x8a5e2ea0 IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8 ParseProcedure -> ntkrnlpa.exe @ 0x805827e8 \Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8 ParseProcedure -> ntkrnlpa.exe @ 0x805827e8 NDIS: Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller #2 -> SendCompleteHandler -> NDIS.sys @ 0xb9e04bb0 PacketIndicateHandler -> NDIS.sys @ 0xb9df3a0d SendHandler -> NDIS.sys @ 0xb9e07b40 Warning: possible MBR rootkit infection ! user & kernel MBR OK ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}] "ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl" . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*] "C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(956) c:\windows\system32\Ati2evxx.dll c:\windows\system32\MPRAPI.dll - - - - - - - > 'explorer.exe'(7240) c:\windows\TEMP\logishrd\LVPrcInj01.dll c:\windows\system32\eappprxy.dll c:\windows\system32\webcheck.dll . 
------------------------ Autres processus actifs ------------------------ . c:\windows\system32\Ati2evxx.exe c:\windows\system32\Ati2evxx.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe c:\program files\CyberLink\Shared files\RichVideo.exe c:\windows\system32\wbem\wmiapsrv.exe c:\windows\system32\wscntfy.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe c:\program files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe c:\program files\Logitech\GamePanel Software\Applets\LCDPop3.exe c:\program files\Logitech\GamePanel Software\Applets\LCDRSS.exe c:\program files\Logitech\GamePanel Software\Applets\LCDCountdown.exe c:\program files\Logitech\GamePanel Software\Applets\LCDMedia.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe . ************************************************************************** . Heure de fin: 2009-12-27 18:33:40 - La machine a redémarré ComboFix-quarantined-files.txt 2009-12-27 17:33 Avant-CF: 17 769 992 192 octets libres Après-CF: 18 456 748 032 octets libres WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect - - End Of File - - 6BE0B135FEB7FA3568C3561DD3005E79 Edit: Antivir --> je ne trouvais pas l'option. Le poste va me reservir a partir de demain donc j'ai fait au plus rapide (j'ai deja antivir pret a etre réinstallé dès que le systeme sera opérationnel)
  8. Antivirus removed for now. I launched ComboFix. It opens a box that looks like MS-DOS (white text on a blue background). Here is the message:

     'SWSC' n'est pas reconnu en tant que commande interne ou externe, un programme exécutable ou un fichier de commandes.

     edit: I just relaunched it, it seems to be working; I'll edit again with the report.
  9. I have the Antivir version saved on my hard drive; is it too risky (at the point I'm at) if I delete it completely?
  10. Silly question: I have Antivir, how do I disable it? (Right-clicking on the taskbar icon doesn't seem to be enough, because ComboFix still detects it.)
  11. Log below. One strange thing though: it rebooted twice ... (but well, it did reboot, that's already something). Thanks.

      Logfile of The Avenger Version 2.0, © by Swandog46
      http://swandog46.geekstogo.com

      Platform: Windows XP

      *******************

      Script file opened successfully.
      Script file read successfully.

      Backups directory opened successfully at C:\Avenger

      *******************

      Beginning to process script file:

      Rootkit scan active.

      Hidden driver "H8SRTd.sys" found!
      ImagePath: \systemroot\system32\drivers\H8SRTvtlonlkiqu.sys
      Start Type: 4 (Disabled)

      Rootkit scan completed.

      Driver "H8SRTd.sys" disabled successfully.
      Driver "H8SRTd.sys" deleted successfully.

      Completed script processing.

      *******************

      Finished! Terminate.
  12. Re. Sorry for the slow reply. The machine is bugging more and more: the CPU indicator is at 100% and I often get big freezes during which I can't open or close anything. I'm replying from another machine from another era ... but one that does log in ... I redid the procedure as requested, generating another randomly named file. At the same stage as before I get a nice window telling me that the program in question has encountered a problem and must be closed.
  13. I downloaded GMER and got the downloaded file with the random name. When I launch the scan (after unchecking as requested), it starts the beginning of the scan before giving me an error (send the error report or not ...). So I saved the beginning of the scan, but well ... it is very largely incomplete (it cuts off after a sec max).

      GMER 1.0.15.15281 - http://www.gmer.net
      Rootkit scan 2009-12-27 17:14:25
      Windows 5.1.2600 Service Pack 3
      Running: nq92pk9s.exe; Driver: C:\DOCUME~1\Akin2010\LOCALS~1\Temp\pwriqpog.sys

      ---- System - GMER 1.0.15 ----

      Code 8A2C2998 ZwEnumerateKey
      Code 8A2C1760 ZwFlushInstructionCache
      Code 8A2C330E IofCallDriver
      Code 8A2C35BE IofCompleteRequest

      ---- Devices - GMER 1.0.15 ----

      Device \FileSystem\Ntfs \Ntfs 8A653B58
      Device \Driver\Cdrom \Device\CdRom0 8A278C40
      Device \FileSystem\Rdbss \Device\FsWrap 8A29F848
      Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 8A278D48
      Device \Driver\atapi \Device\Ide\IdePort0 8A278D48
      Device \Driver\atapi \Device\Ide\IdePort1 8A278D48
      Device \Driver\atapi \Device\Ide\IdePort2 8A278D48
      Device \Driver\atapi \Device\Ide\IdePort3 8A278D48
      Device \Driver\atapi \Device\Ide\IdePort4 8A278D48
      Device \Driver\atapi \Device\Ide\IdePort5 8A278D48
      Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-1b 8A278D48
      Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-10 8A278D48
      Device \FileSystem\Srv \Device\LanmanServer 8A37B858
      Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A27AA78
      Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A27AA78
      Device \FileSystem\Npfs \Device\NamedPipe 8A2B4790
      Device \FileSystem\Msfs \Device\Mailslot 8A4A5AB0
      Device \Driver\d347prt \Device\Scsi\d347prt1Port6Path0Target0Lun0 8A291458
      Device \Driver\d347prt \Device\Scsi\d347prt1 8A291458
      Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer 8A4B6888
      Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer 8A4B6888
      Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer 8A4B6888
      Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer 8A4B6888
      Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer 8A4B6888
      Device \FileSystem\Cdfs \Cdfs 8A4E1E88
  14. Yes, it generated two or three items on the desktop before making them disappear. edit: I just retested MBAM, which still doesn't respond.
  15. Malwarebytes' Anti-Malware (MBAM) downloaded correctly but doesn't launch when I double-click (like most of the search-and-destroy or other tools I tried to launch before). Thanks for the reply :$