jade-laurence


  1. Good evening, I'm sorry but I can't manage it; it produces its report but it crashes my PC every time I try to copy the report; I tried to be patient, but after several attempts it is starting to take a very long time! Please help me. Also, no, I don't have any other malfunctions, at least nothing I have noticed. Maybe I should have started with Marie's tip. Should I start over?
  2. Here are the links to the RSIT reports: Cijoint.fr - free file hosting service, Cijoint.fr - free file hosting service. Regarding Antivir, I don't know if this is what you are asking for: Dans le fichier 'C:\Windows\winsxs\Temp\PendingRenames\2022ebc02b7dcb01520c0000b80d3c0b.x86_microsoft-windows-s..ive-blackbox-driver_31bf3856ad364e35_6.0.6001.18000_none_09728233a7d6b5fb_spsys.sys_95b9c9e3' un virus ou un programme indésirable 'BDS/TDSS.68198443' [backdoor] a été détecté. Action exécutée : Refuser l'accès
  3. Thank you for such a quick reply, Apollo. Unfortunately I think it didn't find it; here is the report.
  4. Good evening, I am asking for help again after a few months' absence. Antivir detected the presence of BDS/TDSS.68198443 several times this evening. They were placed in quarantine. When I received these alerts, Windows Update was running and the update failed with error code: 80070005. Is this related? How can I solve my problem? Thank you for your help. I am attaching the report of the full scan by Antivir and a HijackThis log.
commence : Secteur d'amorçage maître HD0 [iNFO] Aucun virus trouvé ! La recherche sur les secteurs d'amorçage commence : Secteur d'amorçage 'C:\' [iNFO] Aucun virus trouvé ! La recherche sur les renvois aux fichiers exécutables (registre) commence : Le registre a été contrôlé ( '345' fichiers). La recherche sur les fichiers sélectionnés commence : Recherche débutant dans 'C:\' <Vista> Fin de la recherche : vendredi 5 novembre 2010 21:10 Temps nécessaire: 51:42 Minute(s) La recherche a été effectuée intégralement 19514 Les répertoires ont été contrôlés 315812 Des fichiers ont été contrôlés 0 Des virus ou programmes indésirables ont été trouvés 0 Des fichiers ont été classés comme suspects 0 Des fichiers ont été supprimés 0 Des virus ou programmes indésirables ont été réparés 0 Les fichiers ont été déplacés dans la quarantaine 0 Les fichiers ont été renommés 0 Impossible de scanner des fichiers 315812 Fichiers non infectés 1817 Les archives ont été contrôlées 0 Avertissements 0 Consignes 404666 Des objets ont été contrôlés lors du Rootkitscan 0 Des objets cachés ont été trouvés log hijackthis Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 21:17:01, on 05/11/2010 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16982) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Windows\RtHDVCpl.exe C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe C:\Program Files\SFR\Kit\9props.exe C:\Windows\System32\rundll32.exe C:\Program Files\Synaptics\SynTP\SynToshiba.exe 
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe C:\Windows\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Users\Jade\Downloads\HiJackThis.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\Jade\Desktop\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = SFR : téléphone portable, forfait téléphone mobile, sfr mobile adsl, opérateur de téléphonie mobile R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN : Hotmail, Messenger, Bing, Actualité et Sport R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Aide à la navigation SFR - {0F6E720A-1A6B-40E1-A294-1D4D19F156C8} - C:\Program Files\SFR\Kit\SFRNavErrorHelper.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe O4 - HKLM\..\Run: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE 
C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe O4 - HKCU\..\Run: [Connexion SFR 9props.exe] "C:\Program Files\SFR\Kit\9props.exe" /trayicon O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU') O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program 
Files\Java\jre1.6.0\bin\npjpi160.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - Pricepirates.com - comparer de prix (file missing) O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (Audiosrv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown 
owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\dhcpcsvc.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\emdmgmt.dll,-1000 (EMDMgmt) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (Eventlog) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: 
@%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-200 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown 
owner - C:\Windows\system32\lsass.exe O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\netprof.dll,-246 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: 
@regsvc.dll,-1 (RemoteRegistry) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe O23 - Service: @%SystemRoot%\system32\SLUINotify.dll,-103 (SLUINotify) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - 
C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. 
- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 
(WinRM) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\wmpnetwk.exe O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe -- End of file - 20007 bytes
  5. Phew, yes, I get the impression it's going much better! It behaved normally all afternoon and all evening. I suppose you're sure and that everything is sorted out? It was bothering me too that you'd be left with a failure! LOL I think that as far as securing the PC goes, I can read everything in the relevant section on the site. Thank you so much for your patience and the time you gave me (I was ready to format); I really appreciated your help. Thanks a lot. I wish you a good night, and you can count on me to ask you loads of questions if need be ++ PS: I'm not a doctor yet, give me 2 more years
  6. re I do find C:\$Recycle.Bin\ and E:\$Recycle.Bin\ but inside there is only the recycle bin each time, not the following series of digits!
  7. It's me again! I did what was said and am sending you the reports to close the loop. Thanks for your patience. See you tomorrow. Here is the Tcleaner report
[ Rapport ToolsCleaner version 2.3.11 (par A.Rothstein & dj QUIOU) ]
--> Recherche:
C:\Combofix.txt: trouvé !
C:\TB.txt: trouvé !
C:\_OTM: trouvé !
C:\Toolbar SD: trouvé !
C:\UsbFix: trouvé !
C:\Rsit: trouvé !
C:\Ad-remover: trouvé !
C:\Ad-Remover\Backup\Ad-R.exe: trouvé !
C:\Program Files\trend micro\HijackThis.exe: trouvé !
C:\Program Files\trend micro\hijackthis.log: trouvé !
C:\Users\Jade\Desktop\OTM.exe: trouvé !
C:\Users\Jade\Desktop\HijackThis.exe: trouvé !
C:\Users\Jade\Desktop\Ad-R.exe: trouvé !
C:\Users\Jade\Desktop\ToolBarSD.exe: trouvé !
C:\Users\Jade\Desktop\hijackthis.log: trouvé !
C:\Users\Jade\Desktop\UsbFix.exe: trouvé !
C:\Users\Jade\Desktop\Rsit.exe: trouvé !
C:\Users\Jade\Downloads\HijackThis.exe: trouvé !
---------------------------------
--> Suppression:
C:\Ad-Remover\Backup\Ad-R.exe: supprimé !
C:\Program Files\trend micro\HijackThis.exe: supprimé !
C:\Users\Jade\Desktop\OTM.exe: supprimé !
C:\Users\Jade\Desktop\HijackThis.exe: supprimé !
C:\Users\Jade\Desktop\Ad-R.exe: supprimé !
C:\Users\Jade\Desktop\ToolBarSD.exe: supprimé !
C:\Users\Jade\Downloads\HijackThis.exe: supprimé !
C:\Combofix.txt: supprimé !
C:\TB.txt: supprimé !
C:\Program Files\trend micro\hijackthis.log: supprimé !
C:\Users\Jade\Desktop\hijackthis.log: supprimé !
C:\Users\Jade\Desktop\UsbFix.exe: supprimé !
C:\Users\Jade\Desktop\Rsit.exe: supprimé !
C:\_OTM: supprimé !
C:\Toolbar SD: supprimé !
C:\UsbFix: supprimé !
C:\Rsit: supprimé !
C:\Ad-remover: supprimé !
I took the opportunity to clean the other USB devices that I didn't have the first time.
Here is the UsbFix removal report
############################## | Usbfix 7.004 | [suppression]
Utilisateur: Jade (Administrateur) # BDX2 [TOSHIBA Satellite A100]
Mis à jour le 04/06/10 par El Desaparecido / C_XX
Lancé à 01:01:39 | 05/06/2010
Site Web: http://pagesperso-orange.fr/NosTools/index.html
Contact: [email protected]
CPU: Intel® Core2 CPU T5500 @ 1.66GHz
CPU 2: Intel® Core2 CPU T5500 @ 1.66GHz
Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6002 32-Bit) # Service Pack 2
Internet Explorer 8.0.6001.18904
Pare-feu Windows: Activé
RAM -> 2045 Mo
C:\ (%systemdrive%) -> Disque fixe # 74 Go (41 Go libre(s) - 56%) [Vista] # NTFS
D:\ -> Disque amovible # 4 Go (3 Go libre(s) - 79%) [uSB DISK] # FAT32
E:\ -> Disque fixe # 73 Go (61 Go libre(s) - 83%) [Data] # NTFS
F:\ -> CD-ROM
G:\ -> Disque amovible # 31 Mo (1 Mo libre(s) - 3%) [] # FAT
################## | Éléments infectieux |
Non supprimé ! C:\$Recycle.Bin\S-1-5-21-4127868287-1518645093-3145336041-1000
Non supprimé ! E:\$Recycle.Bin\S-1-5-21-4127868287-1518645093-3145336041-1000
################## | Registre |
################## | Mountpoints2 |
################## | Listing |
[04/06/2010 - 19:57:45 | D ] C:\$RECYCLE.BIN
[01/06/2010 - 23:59:29 | A | 2664] C:\Ad-Report-CLEAN[1].txt
[01/06/2010 - 23:41:13 | A | 2631] C:\Ad-Report-SCAN[1].txt
[18/09/2006 - 23:43:36 | A | 24] C:\autoexec.bat
[01/06/2010 - 17:49:05 | RAD ] C:\Autorun.inf
[02/01/2010 - 16:01:28 | D ] C:\Boot
[11/04/2009 - 08:36:36 | RASH | 333257] C:\bootmgr
[18/12/2006 - 09:01:27 | RAS | 8192] C:\BOOTSECT.BAK
[18/09/2006 - 23:43:37 | A | 10] C:\config.sys
[01/10/2007 - 19:52:37 | D ] C:\Darty
[02/11/2006 - 15:02:03 | SHD ] C:\Documents and Settings
[05/06/2010 - 00:51:28 | ASH | 2145443840] C:\hiberfil.sys
[24/04/2010 - 19:11:06 | RASH | 0] C:\IO.SYS
[31/05/2010 - 18:06:36 | A | 127] C:\mbam-error.txt
[24/04/2010 - 19:11:06 | RASH | 0] C:\MSDOS.SYS
[27/08/2007 - 02:58:23 | RD ] C:\MSOCache
[05/06/2010 - 00:51:25 | ASH | 2459238400] C:\pagefile.sys
[19/08/2008 - 17:43:54 | D ] C:\PerfLogs
[04/06/2010 - 22:34:15 | RD ] C:\Program Files
[01/06/2010 - 22:51:25 | D ] C:\ProgramData
[18/03/2008 - 22:31:31 | A | 25867] C:\RECUP.DOC
[23/03/2008 - 18:45:27 | A | 36732] C:\RECUP1.DOC
[23/03/2008 - 18:45:42 | A | 36740] C:\RECUP2.DOC
[29/09/2007 - 23:06:56 | A | 167] C:\Setup.log
[29/04/2009 - 14:31:19 | AH | 232] C:\sqmdata00.sqm
[29/04/2009 - 23:30:07 | AH | 232] C:\sqmdata01.sqm
[29/04/2009 - 23:33:04 | AH | 232] C:\sqmdata02.sqm
[30/04/2009 - 23:41:54 | AH | 232] C:\sqmdata03.sqm
[30/04/2009 - 23:44:04 | AH | 232] C:\sqmdata04.sqm
[02/05/2009 - 22:08:57 | AH | 232] C:\sqmdata05.sqm
[02/05/2009 - 22:09:23 | AH | 232] C:\sqmdata06.sqm
[20/05/2009 - 18:49:58 | AH | 232] C:\sqmdata07.sqm
[23/05/2009 - 17:50:40 | AH | 232] C:\sqmdata08.sqm
[23/05/2009 - 17:56:47 | AH | 232] C:\sqmdata09.sqm
[12/03/2009 - 22:26:07 | AH | 232] C:\sqmdata10.sqm
[12/03/2009 - 22:28:01 | AH | 232] C:\sqmdata11.sqm
[12/03/2009 - 22:30:35 | AH | 232] C:\sqmdata12.sqm
[12/03/2009 - 22:31:48 | AH | 232] C:\sqmdata13.sqm
[12/03/2009 - 22:49:13 | AH | 232] C:\sqmdata14.sqm
[11/04/2009 - 19:27:21 | AH | 232] C:\sqmdata15.sqm
[11/04/2009 - 19:28:16 | AH | 232] C:\sqmdata16.sqm
[27/04/2009 - 02:15:32 | AH | 232] C:\sqmdata17.sqm
[29/04/2009 - 00:38:02 | AH | 232] C:\sqmdata18.sqm
[29/04/2009 - 00:40:34 | AH | 232] C:\sqmdata19.sqm
[29/04/2009 - 14:31:19 | AH | 244] C:\sqmnoopt00.sqm
[29/04/2009 - 23:30:07 | AH | 244] C:\sqmnoopt01.sqm
[29/04/2009 - 23:33:04 | AH | 244] C:\sqmnoopt02.sqm
[30/04/2009 - 23:41:54 | AH | 244] C:\sqmnoopt03.sqm
[30/04/2009 - 23:44:04 | AH | 244] C:\sqmnoopt04.sqm
[02/05/2009 - 22:08:57 | AH | 244] C:\sqmnoopt05.sqm
[02/05/2009 - 22:09:23 | AH | 244] C:\sqmnoopt06.sqm
[20/05/2009 - 18:49:58 | AH | 244] C:\sqmnoopt07.sqm
[23/05/2009 - 17:50:40 | AH | 244] C:\sqmnoopt08.sqm
[23/05/2009 - 17:56:47 | AH | 244] C:\sqmnoopt09.sqm
[12/03/2009 - 22:26:07 | AH | 244] C:\sqmnoopt10.sqm
[12/03/2009 - 22:28:01 | AH | 244] C:\sqmnoopt11.sqm
[12/03/2009 - 22:30:35 | AH | 244] C:\sqmnoopt12.sqm
[12/03/2009 - 22:31:48 | AH | 244] C:\sqmnoopt13.sqm
[12/03/2009 - 22:49:13 | AH | 244] C:\sqmnoopt14.sqm
[11/04/2009 - 19:27:21 | AH | 244] C:\sqmnoopt15.sqm
[11/04/2009 - 19:28:16 | AH | 244] C:\sqmnoopt16.sqm
[27/04/2009 - 02:15:32 | AH | 244] C:\sqmnoopt17.sqm
[29/04/2009 - 00:38:02 | AH | 244] C:\sqmnoopt18.sqm
[29/04/2009 - 00:40:34 | AH | 244] C:\sqmnoopt19.sqm
[21/12/2006 - 10:52:52 | AH | 123] C:\SWSTAMP.TXT
[12/12/2009 - 13:31:18 | AH | 111] C:\sys13026.bin
[05/06/2010 - 00:33:33 | SHD ] C:\System Volume Information
[05/06/2010 - 00:47:41 | A | 1525] C:\TCleaner.txt
[04/06/2010 - 17:23:16 | A | 55068] C:\TDSSKiller.2.3.2.0_04.06.2010_17.22.45_log.txt
[06/06/2007 - 14:27:41 | D ] C:\Toshiba
[05/06/2010 - 01:02:44 | D ] C:\UsbFix
[05/06/2010 - 01:02:45 | A | 4988] C:\Usbfix.txt
[06/01/2008 - 20:02:11 | RD ] C:\Users
[18/12/2006 - 11:30:41 | A | 475536] C:\vcredist_x86.log
[04/06/2010 - 22:34:38 | D ] C:\Windows
[21/12/2006 - 10:37:12 | AT | 21312] C:\_wdsuef.dmp
[16/03/2010 - 21:51:00 | D ] D:\Jack Johnson - Sleep Through The Static
[15/03/2010 - 19:51:50 | D ] D:\James Blunt - All The Lost Souls
[16/03/2010 - 21:51:00 | D ] D:\Moriarty - Drifting letter office archive
[14/03/2010 - 22:38:38 | D ] D:\James Blunt - Back To Bedlam
[16/03/2010 - 21:51:00 | D ] D:\Moriarty - Gee whiz but this is a lonesome town
[16/03/2010 - 21:51:00 | D ] D:\Putumayo Presents - Cafe Cubano
[14/03/2010 - 21:15:12 | D ] D:\James Morrison - Undiscovered
[16/03/2010 - 21:51:00 | D ] D:\Putumayo Presents_ Salsa Around The World
[24/03/2010 - 07:28:10 | D ] D:\Röyksopp - Melody A.M
[16/03/2010 - 21:51:00 | D ] D:\Putumayo World Music - Afro-Latin Party
[16/03/2010 - 21:51:00 | D ] D:\Tango Around The World
[04/03/2010 - 19:27:52 | D ] D:\Various Artists - Putumayo Presents Acoustic Arabia
[05/03/2010 - 13:09:56 | D ] D:\Various - Hotel Costes 12
[15/03/2010 - 20:56:50 | D ] D:\Vanessa Paradis - Best Of
[01/06/2010 - 17:49:01 | D ] E:\$RECYCLE.BIN
[12/12/2009 - 02:25:02 | D ] E:\anapath
[01/06/2010 - 17:49:05 | RAD ] E:\Autorun.inf
[03/06/2009 - 11:48:08 | D ] E:\bigbang
[11/12/2007 - 22:05:38 | A | 670720] E:\biochimie[1].ppt
[16/04/2009 - 23:39:08 | D ] E:\biomatériaux
[16/03/2010 - 00:01:53 | D ] E:\chir buc
[07/03/2010 - 20:43:07 | D ] E:\D3
[03/11/2007 - 19:21:32 | A | 2906518] E:\diagramme_de_phase[1].pdf
[03/11/2007 - 19:15:12 | D ] E:\embryo
[15/09/2006 - 06:16:01 | A | 11] E:\H07049FR.tag
[31/03/2009 - 23:29:14 | D ] E:\histo
[14/04/2010 - 16:35:56 | D ] E:\immuno
[12/04/2010 - 22:56:34 | D ] E:\internat
[12/04/2010 - 22:56:42 | D ] E:\lsf
[01/11/2008 - 12:48:07 | A | 4111872] E:\mal_tractus_digestif[1].ppt
[31/03/2009 - 23:26:25 | D ] E:\microbio
[26/11/2009 - 13:35:54 | D ] E:\mémoire anapat
[08/09/2009 - 21:35:27 | D ] E:\OCE
[30/04/2010 - 22:13:20 | D ] E:\oce D2
[07/12/2009 - 01:18:23 | D ] E:\odf D2
[08/12/2009 - 18:46:37 | D ] E:\ODF D3
[31/03/2009 - 23:26:07 | D ] E:\odonto chir
[01/02/2009 - 19:31:18 | D ] E:\PAP
[05/12/2009 - 01:27:08 | D ] E:\paro
[30/01/2010 - 12:18:15 | D ] E:\partitions
[31/03/2009 - 23:29:14 | D ] E:\patho
[21/03/2010 - 16:49:31 | D ] E:\patho med D2
[24/04/2010 - 20:13:51 | D ] E:\pedo
[29/04/2010 - 08:51:38 | D ] E:\PF
[07/02/2010 - 13:28:09 | D ] E:\pharmaco
[21/03/2010 - 16:53:00 | D ] E:\pharmacoD2
[19/12/2009 - 00:01:38 | D ] E:\photos
[15/04/2009 - 23:09:37 | D ] E:\SP
[09/12/2009 - 22:40:23 | D ] E:\SPD2
[06/06/2007 - 12:56:03 | SHD ] E:\System Volume Information
[02/04/2009 - 14:10:52 | D ] E:\séméio
[07/02/2010 - 13:51:53 | D ] E:\T1
[29/07/2005 - 18:53:44 | RH | 0] G:\MEMSTICK.IND
[17/09/2005 - 16:02:38 | D ] G:\DCIM
[17/09/2005 - 16:02:38 | D ] G:\MISC
################## | Vaccin |
C:\Autorun.inf -> Dossier créé par UsbFix (El Desaparecido & C_XX)
D:\Autorun.inf -> Dossier créé par UsbFix (El Desaparecido & C_XX)
E:\Autorun.inf -> Dossier créé par UsbFix (El Desaparecido & C_XX)
G:\Autorun.inf -> Dossier créé par UsbFix (El Desaparecido & C_XX)
################## | Upload |
Veuillez envoyer le fichier: C:\UsbFix_Upload_Me_BDX2.zip
http://chiquitine.changelog.fr/Sample/Upload.php
Merci de votre contribution.
################## | E.O.F |
  8. Here is the final report, I hope! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:40:04, on 04/06/2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18904) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\conime.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe C:\Program Files\Synaptics\SynTP\SynTPStart.exe C:\Windows\VM_STI.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Windows\RtHDVCpl.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe C:\Windows\System32\rundll32.exe C:\Program Files\Synaptics\SynTP\SynToshiba.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Windows\Explorer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Users\Jade\Desktop\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Programme d'aide de
l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe O4 - HKLM\..\Run: [bigDogPath] C:\Windows\VM_STI.EXE Philips SPC 200NC PC Camera O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - Global Startup: McAfee Security Scan Plus.lnk = ? 
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?FR (file missing) O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU) O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/...NPUpldfr-fr.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. 
- C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing) O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- End of file - 7214 bytes
  9. Hi, here is the VirusTotal report:

      Fichier atapi.sys reçu le 2010.06.04 19:13:15 (UTC)

      Antivirus Version Dernière mise à jour Résultat
      a-squared 5.0.0.26 2010.06.04 -
      AhnLab-V3 2010.06.04.02 2010.06.04 -
      AntiVir 8.2.2.6 2010.06.04 -
      Antiy-AVL 2.0.3.7 2010.06.04 -
      Authentium 5.2.0.5 2010.06.04 -
      Avast 4.8.1351.0 2010.06.04 -
      Avast5 5.0.332.0 2010.06.04 -
      AVG 9.0.0.787 2010.06.04 -
      BitDefender 7.2 2010.06.04 -
      CAT-QuickHeal 10.00 2010.06.04 -
      ClamAV 0.96.0.3-git 2010.06.04 -
      Comodo 4985 2010.06.04 -
      DrWeb 5.0.2.03300 2010.06.04 -
      eSafe 7.0.17.0 2010.06.03 -
      eTrust-Vet 35.2.7528 2010.06.04 -
      F-Prot 4.6.0.103 2010.06.04 -
      F-Secure 9.0.15370.0 2010.06.04 -
      Fortinet 4.1.133.0 2010.06.04 -
      GData 21 2010.06.04 -
      Ikarus T3.1.1.84.0 2010.06.04 -
      Jiangmin 13.0.900 2010.06.04 -
      Kaspersky 7.0.0.125 2010.06.04 -
      McAfee 5.400.0.1158 2010.06.04 -
      McAfee-GW-Edition 2010.1 2010.06.04 -
      Microsoft 1.5802 2010.06.04 -
      NOD32 5173 2010.06.04 -
      Norman 6.04.12 2010.06.04 -
      nProtect 2010-06-04.01 2010.06.04 -
      Panda 10.0.2.7 2010.06.04 -
      PCTools 7.0.3.5 2010.06.04 -
      Prevx 3.0 2010.06.04 -
      Rising 22.50.04.04 2010.06.04 -
      Sophos 4.53.0 2010.06.04 -
      Sunbelt 6406 2010.06.04 -
      Symantec 20101.1.0.89 2010.06.04 -
      TheHacker 6.5.2.0.292 2010.06.04 -
      TrendMicro 9.120.0.1004 2010.06.04 -
      TrendMicro-HouseCall 9.120.0.1004 2010.06.04 -
      VBA32 3.12.12.5 2010.06.04 -
      ViRobot 2010.6.4.2337 2010.06.04 -
      VirusBuster 5.0.27.0 2010.06.04 -

      Information additionnelle
      File size: 19944 bytes
      MD5...: 1f05b78ab91c9075565a9d8a4b880bc4
      SHA1..: 218442cd7afecbc8d102c4e31d9ef3528642191b
      SHA256: 737be9f9376dab0ccdfed93ea6d67f0c432367ea63cd772a453485be769af3bd
      ssdeep: 384:zzY0Vgd1RrKzBpWk4UwWFSn8G6FuT+quHpBjbOjBMwzt8:zz/Vgd1gzQUSuB
      xkMwzt8
      PEiD..: -
      PEInfo: PE Structure information

      ( base data )
      entrypointaddress.: 0x5005
      timedatestamp.....: 0x49e01eed (Sat Apr 11 04:39:09 2009)
      machinetype.......: 0x14c (I386)

      ( 6 sections )
      name viradd virsiz rawdsiz ntrpy md5
      .text 0x1000 0x19b0 0x1a00 6.30 4ac8c9f82cf23d85316bd85d3d8e4efb
      .rdata 0x3000 0xae 0x200 1.49 3d541e69f96e97a837841ad289adeac7
      .data 0x4000 0xc 0x200 0.18 7c80b151582aa6280e754b477343e54e
      INIT 0x5000 0x364 0x400 4.51 f238fffd3a9917d72f4888f4276b3b06
      .rsrc 0x6000 0x3f8 0x400 3.38 5c8a106a7c9416fb469c83dfab844abd
      .reloc 0x7000 0x8a 0x200 1.37 064d7db7c16955d4dc6d3f7afb703e06

      ( 2 imports )
      > ataport.SYS: AtaPortNotification, AtaPortWritePortUchar, AtaPortWritePortUlong, AtaPortGetPhysicalAddress, AtaPortConvertPhysicalAddressToUlong, AtaPortGetScatterGatherList, AtaPortReadPortUchar, AtaPortStallExecution, AtaPortGetParentBusType, AtaPortRequestCallback, AtaPortWritePortBufferUshort, AtaPortGetUnCachedExtension, AtaPortCompleteRequest, AtaPortMoveMemory, AtaPortCompleteAllActiveRequests, AtaPortReleaseRequestSenseIrb, AtaPortBuildRequestSenseIrb, AtaPortReadPortUshort, AtaPortReadPortBufferUshort, AtaPortInitialize, AtaPortGetDeviceBase, AtaPortDeviceStateChange
      > NTOSKRNL.exe: KeTickCount

      ( 0 exports )
      RDS...: NSRL Reference Data Set
      -
      pdfid.: -
      trid..: Generic Win/DOS Executable (49.9%)
      DOS Executable Generic (49.8%)
      Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
      sigcheck:
      publisher....: Microsoft Corporation
      copyright....: © Microsoft Corporation. All rights reserved.
      product......: Microsoft_ Windows_ Operating System
      description..: ATAPI IDE Miniport Driver
      original name: atapi.sys
      internal name: atapi.sys
      file version.: 6.0.6002.18005 (lh_sp2rtm.090410-1830)
      comments.....: n/a
      signers......: -
      signing date.: -
      verified.....: Unsigned
  10. Here is the ComboFix report: ComboFix 10-06-03.01 - Jade 04/06/2010 19:46:48.1.2 - x86 Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.2045.1196 [GMT 2:00] Lancé depuis: c:\users\Jade\Desktop\ComboFix.exe SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\%appdata% . ((((((((((((((((((((((((((((( Fichiers créés du 2010-05-04 au 2010-06-04 )))))))))))))))))))))))))))))))))))) . 2010-06-04 16:46 . 2010-01-29 15:40 738816 ----a-w- c:\windows\system32\inetcomm.dll 2010-06-04 16:46 . 2010-02-23 11:10 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2010-06-04 16:46 . 2010-02-23 11:10 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys 2010-06-04 16:46 . 2010-02-23 11:10 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2010-06-04 16:46 . 2010-04-23 14:13 2048 ----a-w- c:\windows\system32\tzres.dll 2010-06-04 16:45 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll 2010-06-04 16:44 . 2010-02-18 14:07 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-06-04 16:44 . 2010-02-18 14:07 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-06-04 16:44 . 2010-02-18 14:07 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys 2010-06-04 16:44 . 2010-02-18 13:30 200704 ----a-w- c:\windows\system32\iphlpsvc.dll 2010-06-04 16:44 . 2010-02-18 11:28 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys 2010-06-04 16:38 . 2009-12-23 11:33 172032 ----a-w- c:\windows\system32\wintrust.dll 2010-06-04 16:38 . 2010-01-13 17:34 98304 ----a-w- c:\windows\system32\cabview.dll 2010-06-02 16:37 . 2010-06-02 16:37 -------- d-----w- C:\_OTM 2010-06-02 15:28 . 2010-06-02 15:50 -------- d-----w- C:\ToolBar SD 2010-06-01 21:36 . 2010-06-01 21:59 -------- d-----w- C:\Ad-Remover 2010-06-01 20:51 .
2010-06-01 20:51 -------- d-----w- c:\program files\Common Files\Java 2010-06-01 20:51 . 2010-06-01 20:50 411368 ----a-w- c:\windows\system32\deployJava1.dll 2010-06-01 17:43 . 2010-06-01 17:43 -------- d-----w- c:\programdata\McAfee Security Scan 2010-06-01 17:43 . 2010-06-01 17:43 -------- d-----w- c:\programdata\McAfee 2010-06-01 17:43 . 2010-06-01 17:43 -------- d-----w- c:\program files\McAfee Security Scan 2010-06-01 17:39 . 2010-06-02 12:59 -------- d-----w- c:\users\Jade\AppData\Local\Adobe 2010-06-01 17:33 . 2010-06-01 17:33 -------- d-----w- c:\users\Jade\AppData\Roaming\DeviceDoctorSoftware 2010-06-01 17:32 . 2010-06-01 17:32 -------- d-----w- c:\program files\Device Doctor 2010-06-01 17:03 . 2010-06-01 19:28 -------- d-----w- c:\programdata\NOS 2010-06-01 16:13 . 2010-06-01 16:13 -------- d-----w- c:\users\Jade\AppData\Local\Apple 2010-06-01 13:39 . 2010-06-01 16:12 -------- d-----w- C:\Usbfix 2010-06-01 10:58 . 2010-06-01 16:15 -------- d-----w- c:\program files\trend micro 2010-06-01 10:58 . 2010-06-01 10:58 -------- d-----w- C:\rsit . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2010-06-04 17:40 . 2006-11-02 15:48 678956 ----a-w- c:\windows\system32\perfh00C.dat 2010-06-04 17:40 . 2006-11-02 15:48 128004 ----a-w- c:\windows\system32\perfc00C.dat 2010-06-04 16:54 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2010-06-04 16:50 . 2007-08-27 00:59 -------- d-----w- c:\programdata\Microsoft Help 2010-06-04 15:42 . 2007-06-06 13:58 25070 ----a-w- c:\users\Jade\AppData\Roaming\nvModes.dat 2010-06-04 15:38 . 2006-11-02 08:52 22632 ----a-w- c:\windows\system32\drivers\crcdisk.sys 2010-06-02 14:53 . 2007-06-06 12:26 2032 ----a-w- c:\users\Jade\AppData\Local\d3d9caps.dat 2010-06-01 20:50 . 2006-12-18 07:31 -------- d-----w- c:\program files\Java 2010-06-01 19:35 . 2007-08-20 12:41 -------- d-----w- c:\program files\Common Files\Adobe 2010-06-01 17:35 . 
2007-06-06 12:27 112408 ----a-w- c:\users\Jade\AppData\Local\GDIPFONTCACHEV1.DAT 2010-05-31 16:06 . 2010-04-15 21:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-05-31 15:04 . 2006-12-18 10:10 -------- d-----w- c:\program files\Symantec 2010-05-31 15:03 . 2006-12-18 10:09 -------- d-----w- c:\program files\Common Files\Symantec Shared 2010-05-26 17:46 . 2008-02-04 21:58 -------- d-----w- c:\program files\Spybot - Search & Destroy 2010-05-26 09:32 . 2008-02-04 21:58 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2010-05-21 12:14 . 2009-10-02 16:51 221568 ------w- c:\windows\system32\MpSigStub.exe 2010-04-29 13:39 . 2010-04-15 21:12 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-04-29 13:39 . 2010-04-15 21:12 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-04-15 21:13 . 2010-04-15 21:13 -------- d-----w- c:\users\Jade\AppData\Roaming\Malwarebytes 2010-04-15 21:12 . 2010-04-15 21:12 -------- d-----w- c:\programdata\Malwarebytes 2010-04-11 20:06 . 2010-04-11 20:06 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2010-04-11 20:03 . 2010-04-11 20:00 -------- d-----w- c:\program files\Google 2010-04-11 19:59 . 2010-04-11 19:59 -------- d-----w- c:\program files\Lavasoft 2010-04-11 19:59 . 2010-04-11 19:59 -------- dc-h--w- c:\programdata\{52AC600B-5800-407E-99FF-83CD0669760B} 2010-04-11 19:59 . 2008-02-04 22:04 -------- d-----w- c:\programdata\Lavasoft 2010-04-11 19:34 . 2010-04-11 19:34 -------- d-----w- c:\programdata\Avira 2010-04-11 19:34 . 2010-04-11 19:34 -------- d-----w- c:\program files\Avira 2010-04-08 20:55 . 2010-04-08 20:54 -------- d-----w- c:\program files\CCleaner . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896] "OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304] "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-10-29 102400] "BigDogPath"="c:\windows\VM_STI.EXE" [2004-06-09 40960] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416] "RtHDVCpl"="RtHDVCpl.exe" [2006-11-07 3772416] "NvSvc"="c:\windows\system32\nvsvc.dll" [2006-12-07 90191] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-12-07 7766016] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-12-07 81920] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "HonorAutoRunSetting"= 0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] 
"HonorAutoRunSetting"= 0 (0x0) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DSLMON.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\DSLMON.lnk backup=c:\windows\pss\DSLMON.lnk.CommonStartup backupExtension=.CommonStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain] 2006-12-11 16:27 530552 ----a-w- c:\program files\TOSHIBA\FlashCards\TCrdMain.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adiras] 2007-01-10 20:34 188416 ----a-w- c:\windows\adiras.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe] 2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HSON] 2006-12-07 15:49 55416 ----a-w- c:\program files\TOSHIBA\TBS\HSON.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh] 2005-12-16 01:41 188416 ----a-w- c:\program files\ltmoh\ltmoh.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] 2006-12-07 19:25 7766016 ----a-w- c:\windows\System32\nvcpl.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] 2006-12-07 19:25 81920 ----a-w- c:\windows\System32\nvmctray.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc] 2006-12-07 19:25 90191 ----a-w- c:\windows\System32\nvsvc.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl] 2006-11-07 13:50 3772416 ----a-w- c:\windows\RtHDVCpl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar] 2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView] 2006-12-14 18:09 493688 ----a-w- c:\program files\TOSHIBA\SmoothView\SmoothView.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh] 2007-12-06 08:12 1029416 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\topi] 2006-12-15 16:11 577536 ----a-w- c:\program files\TOSHIBA\Toshiba Online Product Information\TOPI.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPwrMain] 2006-12-14 18:07 411768 ----a-w- c:\program files\TOSHIBA\Power Saver\TPwrMain.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] 2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] 2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "VistaSp2"=hex(b):2f,5c,42,64,b3,8b,ca,01 R2 dajvkkoj;Synaptics TouchPad Monitor;c:\windows\System32\svchost.exe [2008-01-19 21504] R2 ELOADER;General Purpose USB Driver (adildr.sys);c:\windows\system32\Drivers\adildr.sys [2007-01-10 56088] R2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-11 135664] R3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrusb.sys [2006-12-23 449536] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security 
Scan\2.0.181\McCHSvc.exe [2010-01-15 227232] S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-02-05 64288] S2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289] S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-05-26 1314704] S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-19 7168] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs dajvkkoj . Contenu du dossier 'Tâches planifiées' 2010-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-11 20:00] 2010-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-11 20:00] 2010-06-04 c:\windows\Tasks\User_Feed_Synchronization-{D9B30BB4-63C0-47D4-A444-A174F9308500}.job - c:\windows\system32\msfeedssync.exe [2010-03-31 04:54] . . ------- Examen supplémentaire ------- . 
      mWindow Title = 
      uInternet Settings,ProxyOverride = *.local
      IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
      IE: {{C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?FR
      Trusted Zone: lcl.fr\particuliers.secure
      FF - ProfilePath - c:\users\Jade\AppData\Roaming\Mozilla\Firefox\Profiles\1c1izrwy.default\
      FF - prefs.js: browser.startup.homepage - hxxp://fr.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
      FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
      FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
      FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

      ---- PARAMETRES FIREFOX ----
      FF - user.js: yahoo.homepage.dontask - true
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
      c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
      c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
      c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
      c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
      .
      - - - - ORPHELINS SUPPRIMES - - - -

      BHO-{E06C4762-2E31-4AC7-9020-885E5C37C8AD} - c:\windows\system32\uybfocz.dll
      ShellIconOverlayIdentifiers-{E06C4762-2E31-4AC7-9020-885E5C37C8AD} - c:\windows\system32\uybfocz.dll
      SafeBoot-klmdb.sys
      MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
      MSConfigStartUp-NDSTray - NDSTray.exe
      MSConfigStartUp-osCheck - c:\program files\Norton Internet Security\osCheck.exe
      MSConfigStartUp-Symantec PIF AlertEng - c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
      MSConfigStartUp-TOSCDSPD - TOSCDSPD.EXE

      **************************************************************************
      Recherche de processus cachés ...
      Recherche d'éléments en démarrage automatique cachés ...
      Recherche de fichiers cachés ...
      Scan terminé avec succès
      Fichiers cachés: 
      **************************************************************************
      .
      --------------------- CLES DE REGISTRE BLOQUEES ---------------------

      [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      "MSCurrentCountry"=dword:000000b5
      .
      ------------------------ Autres processus actifs ------------------------
      .
      c:\windows\system32\agrsmsvc.exe
      c:\program files\Avira\AntiVir Desktop\avguard.exe
      c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      c:\program files\Bonjour\mDNSResponder.exe
      c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
      c:\windows\system32\TODDSrv.exe
      c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
      c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
      c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
      c:\windows\system32\wbem\unsecapp.exe
      c:\windows\system32\conime.exe
      c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
      c:\windows\System32\rundll32.exe
      c:\program files\Synaptics\SynTP\SynToshiba.exe
      c:\program files\Windows Media Player\wmpnetwk.exe
      c:\program files\Synaptics\SynTP\SynTPHelper.exe
      c:\program files\iPod\bin\iPodService.exe
      c:\windows\servicing\TrustedInstaller.exe
      .
      **************************************************************************
      .
      Heure de fin: 2010-06-04 20:06:41 - La machine a redémarré
      ComboFix-quarantined-files.txt 2010-06-04 18:06

      Avant-CF: 44 502 536 192 octets libres
      Après-CF: 44 215 263 232 octets libres

      - - End Of File - - C99FA8B59A596EF22D823DBA40A3B5C5
  11. That's it, I've installed the important updates. I'm ready for the next step.
  12. Hi, yes, the machine seems to be working better! For a start, I can launch Windows Update and startup is normal, but I don't know whether that's permanent, since ever since OTM Vista had been starting up hit-or-miss. Can you explain what happened, and should I still talk to Marie about it? Right now I'm going to install the Windows updates.
  13. Here is the report:

      17:22:45:349 3956 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
      17:22:45:349 3956 ================================================================================
      17:22:45:349 3956 SystemInfo:
      17:22:45:349 3956 OS Version: 6.0.6002 ServicePack: 2.0
      17:22:45:349 3956 Product type: Workstation
      17:22:45:349 3956 ComputerName: BDX2
      17:22:45:350 3956 UserName: Jade
      17:22:45:350 3956 Windows directory: C:\Windows
      17:22:45:350 3956 Processor architecture: Intel x86
      17:22:45:350 3956 Number of processors: 2
      17:22:45:350 3956 Page size: 0x1000
      17:22:45:351 3956 Boot type: Normal boot
      17:22:45:351 3956 ================================================================================
      17:22:45:952 3956 Initialize success
      17:22:45:952 3956
      17:22:45:952 3956 Scanning Services ...
      17:22:47:247 3956 Raw services enum returned 430 services
      17:22:47:261 3956
      17:22:47:261 3956 Scanning Drivers ...
      17:22:52:600 3956 crcdisk (205074703c51379317c92c53ff3c7a2f) C:\Windows\system32\drivers\crcdisk.sys
      17:22:52:604 3956 Suspicious file (Forged): C:\Windows\system32\drivers\crcdisk.sys. Real md5: 205074703c51379317c92c53ff3c7a2f, Fake md5: 2a213ae086bbec5e937553c7d9a2b22c
      17:22:52:604 3956 File "C:\Windows\system32\drivers\crcdisk.sys" infected by TDSS rootkit ...
      17:22:52:723 3956 Backup copy found, using it..
      17:22:52:735 3956 will be cured on next reboot
      17:23:15:624 3956 Reboot required for cure complete..
      17:23:16:070 3956 Cure on reboot scheduled successfully
      17:23:16:070 3956
      17:23:16:070 3956 Completed
      17:23:16:071 3956
      17:23:16:071 3956 Results:
      17:23:16:072 3956 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
      17:23:16:072 3956 File objects infected / cured / cured on reboot: 1 / 0 / 1
      17:23:16:073 3956
      17:23:16:077 3956 KLMD(ARK) unloaded successfully
  14. Hi, here is the report:

      GMER 1.0.15.15281 - http://www.gmer.net
      Rootkit scan 2010-06-04 17:01:41
      Windows 6.0.6002 Service Pack 2
      Running: 9lyfhpmz.exe; Driver: C:\Users\Jade\AppData\Local\Temp\ugldqpob.sys

      ---- System - GMER 1.0.15 ----

      SSDT 9D35AC3C ZwCreateThread
      SSDT 9D35AC28 ZwOpenProcess
      SSDT 9D35AC2D ZwOpenThread
      SSDT 9D35AC37 ZwTerminateProcess

      ---- Kernel code sections - GMER 1.0.15 ----

      .text ntoskrnl.exe!KeInsertQueue + 411 828BFA08 4 Bytes [3C, AC, 35, 9D]
      .text ntoskrnl.exe!KeInsertQueue + 5E1 828BFBD8 4 Bytes [28, AC, 35, 9D]
      .text ntoskrnl.exe!KeInsertQueue + 5FD 828BFBF4 4 Bytes [2D, AC, 35, 9D]
      .text ntoskrnl.exe!KeInsertQueue + 811 828BFE08 4 Bytes [37, AC, 35, 9D]
      .rsrc C:\Windows\system32\drivers\crcdisk.sys entry point in ".rsrc" section [0x88DD3014]
      .text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8C806340, 0x2926E7, 0xE8000020]

      ---- User code sections - GMER 1.0.15 ----

      .text C:\Windows\system32\svchost.exe[1924] ntdll.dll!NtProtectVirtualMemory 77774D34 5 Bytes JMP 0014000A
      .text C:\Windows\system32\svchost.exe[1924] ntdll.dll!NtWriteVirtualMemory 77775674 5 Bytes JMP 0015000A
      .text C:\Windows\system32\svchost.exe[1924] ntdll.dll!KiUserExceptionDispatcher 77775DC8 5 Bytes JMP 0012000A
      .text C:\Windows\system32\svchost.exe[1924] ole32.dll!CoCreateInstance 77429EA6 5 Bytes JMP 00B1000A
      .text C:\Windows\system32\svchost.exe[1924] USER32.dll!GetCursorPos 76BB0B88 5 Bytes JMP 014E000A
      .text C:\Windows\Explorer.EXE[3024] ntdll.dll!NtProtectVirtualMemory 77774D34 5 Bytes JMP 0020000A
      .text C:\Windows\Explorer.EXE[3024] ntdll.dll!NtWriteVirtualMemory 77775674 5 Bytes JMP 0021000A
      .text C:\Windows\Explorer.EXE[3024] ntdll.dll!KiUserExceptionDispatcher 77775DC8 5 Bytes JMP 001F000A
      .text C:\Windows\system32\wuauclt.exe[3632] ntdll.dll!NtProtectVirtualMemory 77774D34 5 Bytes JMP 0022000A
      .text C:\Windows\system32\wuauclt.exe[3632] ntdll.dll!NtWriteVirtualMemory 77775674 5 Bytes JMP 0023000A
      .text C:\Windows\system32\wuauclt.exe[3632] ntdll.dll!KiUserExceptionDispatcher 77775DC8 5 Bytes JMP 0021000A

      ---- Devices - GMER 1.0.15 ----

      AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF dynamique/Microsoft Corporation)
      AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF dynamique/Microsoft Corporation)
      AttachedDevice \Driver\tdx \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)
      Device -> \Driver\atapi \Device\Harddisk0\DR0 864A1AC8

      ---- Files - GMER 1.0.15 ----

      File C:\Windows\system32\drivers\crcdisk.sys suspicious modification
      File C:\Windows\system32\drivers\atapi.sys suspicious modification

      ---- EOF - GMER 1.0.15 ----