ciocciu

ok aucun pb... merci pour ton aide et tout ce que tu as fait pour moi et pour les autres... à bientôt laurent

salut voici le rapport TDSSkiller 2010/09/15 09:29:28.0140 TDSS rootkit removing tool 2.4.2.1 Sep 7 2010 14:43:44 2010/09/15 09:29:28.0140 ================================================================================ 2010/09/15 09:29:28.0140 SystemInfo: 2010/09/15 09:29:28.0140 2010/09/15 09:29:28.0140 OS Version: 5.1.2600 ServicePack: 2.0 2010/09/15 09:29:28.0140 Product type: Workstation 2010/09/15 09:29:28.0140 ComputerName: LOLO-EEBF1AD74A 2010/09/15 09:29:28.0140 UserName: lolo 2010/09/15 09:29:28.0140 Windows directory: C:\WINDOWS 2010/09/15 09:29:28.0140 System windows directory: C:\WINDOWS 2010/09/15 09:29:28.0140 Processor architecture: Intel x86 2010/09/15 09:29:28.0140 Number of processors: 1 2010/09/15 09:29:28.0140 Page size: 0x1000 2010/09/15 09:29:28.0140 Boot type: Normal boot 2010/09/15 09:29:28.0140 ================================================================================ 2010/09/15 09:29:28.0828 Initialize success 2010/09/15 09:29:40.0296 ================================================================================ 2010/09/15 09:29:40.0296 Scan started 2010/09/15 09:29:40.0296 Mode: Manual; 2010/09/15 09:29:40.0296 ================================================================================ 2010/09/15 09:29:41.0781 ACPI (0bd94fbfc14ea3606cd6ca4c0255baa3) C:\WINDOWS\system32\DRIVERS\ACPI.sys 2010/09/15 09:29:41.0843 ACPIEC (e4abc1212b70bb03d35e60681c447210) C:\WINDOWS\system32\drivers\ACPIEC.sys 2010/09/15 09:29:41.0921 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys 2010/09/15 09:29:42.0000 AegisP (375eb0b97e3950adef3633c27a82438b) C:\WINDOWS\system32\DRIVERS\AegisP.sys 2010/09/15 09:29:42.0046 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys 2010/09/15 09:29:42.0218 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys 2010/09/15 09:29:42.0312 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 2010/09/15 09:29:42.0359 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys 2010/09/15 09:29:42.0625 ati2mtag (c51608bba3248be2f6d21b132910752a) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 2010/09/15 09:29:42.0937 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 2010/09/15 09:29:43.0000 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 2010/09/15 09:29:43.0125 avgio (f1d43170fdd7399ee17ea32d4f868b0c) C:\Program Files\Avira\AntiVir Desktop\avgio.sys 2010/09/15 09:29:43.0187 avgntflt (14fe36d8f2c6a2435275338d061a0b66) C:\WINDOWS\system32\DRIVERS\avgntflt.sys 2010/09/15 09:29:43.0250 avipbb (ad9bd66a862116e79cb45bb6be46055f) C:\WINDOWS\system32\DRIVERS\avipbb.sys 2010/09/15 09:29:43.0312 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 2010/09/15 09:29:43.0375 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 2010/09/15 09:29:43.0421 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 2010/09/15 09:29:43.0484 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys 2010/09/15 09:29:43.0515 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys 2010/09/15 09:29:43.0625 CmBatt (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys 2010/09/15 09:29:43.0656 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys 2010/09/15 09:29:43.0765 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys 2010/09/15 09:29:43.0859 dmboot (e2d3b7620310fe56685f9b15a6b404b3) C:\WINDOWS\system32\drivers\dmboot.sys 2010/09/15 09:29:43.0906 dmio (c77f5c20aa70197a69aa84baa9de43c8) C:\WINDOWS\system32\drivers\dmio.sys 2010/09/15 09:29:43.0937 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 2010/09/15 09:29:44.0000 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys 2010/09/15 09:29:44.0046 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys 2010/09/15 09:29:44.0140 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys 2010/09/15 09:29:44.0187 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys 2010/09/15 09:29:44.0250 Fips (8b121ff880683607ab2aef0340721718) C:\WINDOWS\system32\drivers\Fips.sys 2010/09/15 09:29:44.0281 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys 2010/09/15 09:29:44.0343 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys 2010/09/15 09:29:44.0375 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 2010/09/15 09:29:44.0437 Ftdisk (a86859b77b908c18c2657f284aa29fe3) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 2010/09/15 09:29:44.0515 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys 2010/09/15 09:29:44.0578 hidusb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys 2010/09/15 09:29:44.0687 HTTP (cb77bb47e67e84deb17ba29632501730) C:\WINDOWS\system32\Drivers\HTTP.sys 2010/09/15 09:29:44.0781 i8042prt (d1efcbd693b5ba21314d06368c471070) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 2010/09/15 09:29:44.0828 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys 2010/09/15 09:29:44.0921 IntelIde (1367812f8a974e0c13a4888fa5e7ede6) C:\WINDOWS\system32\DRIVERS\intelide.sys 2010/09/15 09:29:44.0953 intelppm (dd5ad1e79ac26d3f8d8828ad4627f160) C:\WINDOWS\system32\DRIVERS\intelppm.sys 2010/09/15 09:29:44.0984 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys 2010/09/15 09:29:45.0062 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 2010/09/15 09:29:45.0093 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys 2010/09/15 09:29:45.0171 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys 2010/09/15 09:29:45.0234 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys 2010/09/15 09:29:45.0296 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys 2010/09/15 09:29:45.0390 isapnp (54632f1a7de61dc3615d756f2a90fa72) C:\WINDOWS\system32\DRIVERS\isapnp.sys 2010/09/15 09:29:45.0453 Kbdclass (e798705e8dc7fab596ef6bfdf167e007) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 2010/09/15 09:29:45.0546 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys 2010/09/15 09:29:45.0609 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys 2010/09/15 09:29:45.0703 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 2010/09/15 09:29:45.0765 Modem (5ac7e16f5b40a6da14b5f2b3ada4693e) C:\WINDOWS\system32\drivers\Modem.sys 2010/09/15 09:29:45.0828 Mouclass (7d4f19411bd941e1d432a99e24230386) C:\WINDOWS\system32\DRIVERS\mouclass.sys 2010/09/15 09:29:45.0906 mouhid (124d6846040c79b9c997f78ef4b2a4e5) C:\WINDOWS\system32\DRIVERS\mouhid.sys 2010/09/15 09:29:45.0937 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys 2010/09/15 09:29:46.0000 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 2010/09/15 09:29:46.0062 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 2010/09/15 09:29:46.0125 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys 2010/09/15 09:29:46.0187 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys 2010/09/15 09:29:46.0218 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2010/09/15 09:29:46.0234 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys 2010/09/15 09:29:46.0281 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 2010/09/15 09:29:46.0312 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys 2010/09/15 09:29:46.0343 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys 2010/09/15 09:29:46.0437 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 2010/09/15 09:29:46.0468 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 2010/09/15 09:29:46.0500 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 2010/09/15 09:29:46.0531 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys 2010/09/15 09:29:46.0562 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys 2010/09/15 09:29:46.0593 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys 2010/09/15 09:29:46.0656 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys 2010/09/15 09:29:46.0687 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys 2010/09/15 09:29:46.0781 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys 2010/09/15 09:29:46.0906 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 2010/09/15 09:29:46.0937 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 2010/09/15 09:29:46.0968 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 2010/09/15 09:29:47.0046 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 2010/09/15 09:29:47.0109 Parport (318696359ac7df48d1e51974ec527dd2) C:\WINDOWS\system32\drivers\Parport.sys 2010/09/15 09:29:47.0140 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys 2010/09/15 09:29:47.0187 ParVdm (9575c5630db8fb804649a6959737154c) C:\WINDOWS\system32\drivers\ParVdm.sys 2010/09/15 09:29:47.0250 PCI (7c5da5c1ed801ad8b0309d5514f0b75e) C:\WINDOWS\system32\DRIVERS\pci.sys 2010/09/15 09:29:47.0343 PCIIde (f4bfde7209c14a07aaa61e4d6ae69eac) C:\WINDOWS\system32\drivers\PCIIde.sys 2010/09/15 09:29:47.0390 Pcmcia (641da274e163617ea7a33506bc6da8e3) C:\WINDOWS\system32\DRIVERS\pcmcia.sys 2010/09/15 09:29:47.0640 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys 2010/09/15 09:29:47.0750 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys 2010/09/15 09:29:47.0812 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 2010/09/15 09:29:48.0000 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 2010/09/15 09:29:48.0031 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 2010/09/15 09:29:48.0062 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 2010/09/15 09:29:48.0093 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 2010/09/15 09:29:48.0171 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys 2010/09/15 09:29:48.0203 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 2010/09/15 09:29:48.0281 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 2010/09/15 09:29:48.0375 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys 2010/09/15 09:29:48.0453 redbook (2cc30b68dd62b73d444a41322cd7fc4c) C:\WINDOWS\system32\DRIVERS\redbook.sys 2010/09/15 09:29:48.0562 Revoflt (8b5b8a11306190c6963d3473f052d3c8) C:\WINDOWS\system32\DRIVERS\revoflt.sys 2010/09/15 09:29:48.0625 s24trans (e2c6abcbefb1d44f6aaeb1cd5d6062d4) C:\WINDOWS\system32\DRIVERS\s24trans.sys 2010/09/15 09:29:48.0765 sdbus (02fc71b020ec8700ee8a46c58bc6f276) C:\WINDOWS\system32\DRIVERS\sdbus.sys 2010/09/15 09:29:48.0843 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 2010/09/15 09:29:48.0890 Serial (653201755ca96ab4aaa4131daf6da356) C:\WINDOWS\system32\drivers\Serial.sys 2010/09/15 09:29:48.0921 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys 2010/09/15 09:29:49.0031 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys 2010/09/15 09:29:49.0140 sptd (c4bb8a12843d9cbb65f5ff617f389bbd) C:\WINDOWS\system32\Drivers\sptd.sys 2010/09/15 09:29:49.0140 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: c4bb8a12843d9cbb65f5ff617f389bbd 2010/09/15 09:29:49.0140 sptd - detected Locked file (1) 2010/09/15 09:29:49.0171 sr (b52181023b827acda36c1b76751ebffd) C:\WINDOWS\system32\DRIVERS\sr.sys 2010/09/15 09:29:49.0328 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys 2010/09/15 09:29:49.0437 ssmdrv (3ad0362cf68de3ac500e981700242cca) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 2010/09/15 09:29:49.0546 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys 2010/09/15 09:29:49.0625 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys 2010/09/15 09:29:49.0765 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys 2010/09/15 09:29:49.0875 Tcpip (90caff4b094573449a0872a0f919b178) C:\WINDOWS\system32\DRIVERS\tcpip.sys 2010/09/15 09:29:49.0937 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys 2010/09/15 09:29:49.0984 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys 2010/09/15 09:29:50.0031 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys 2010/09/15 09:29:50.0109 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys 2010/09/15 09:29:50.0203 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys 2010/09/15 09:29:50.0281 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 2010/09/15 09:29:50.0343 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys 2010/09/15 09:29:50.0390 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys 2010/09/15 09:29:50.0468 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys 2010/09/15 09:29:50.0515 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys 2010/09/15 09:29:50.0562 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 2010/09/15 09:29:50.0625 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 2010/09/15 09:29:50.0703 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys 2010/09/15 09:29:50.0781 VIAudio (fece79a9aef62ad5f11a3f4a14f1dead) C:\WINDOWS\system32\drivers\vinyl97.sys 2010/09/15 09:29:50.0875 VolSnap (313b1a0d5db26dfe1c34a6c13b2ce0a7) C:\WINDOWS\system32\drivers\VolSnap.sys 2010/09/15 09:29:50.0968 vsdatant (f08178af47f7a2abfab0a4f5fc5c885f) C:\WINDOWS\system32\vsdatant.sys 2010/09/15 09:29:51.0203 w29n51 (d6006de6a6ed423d8016a03bc50cbe6b) C:\WINDOWS\system32\DRIVERS\w29n51.sys 2010/09/15 09:29:51.0437 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys 2010/09/15 09:29:51.0531 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys 2010/09/15 09:29:51.0640 WsAudio_DeviceS(1) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys 2010/09/15 09:29:51.0687 WsAudio_DeviceS(2) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(2).sys 2010/09/15 09:29:51.0718 WsAudio_DeviceS(3) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(3).sys 2010/09/15 09:29:51.0750 WsAudio_DeviceS(4) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(4).sys 2010/09/15 09:29:51.0781 WsAudio_DeviceS(5) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(5).sys 2010/09/15 09:29:51.0859 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 2010/09/15 09:29:51.0906 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 2010/09/15 09:29:51.0968 ================================================================================ 2010/09/15 09:29:51.0968 Scan finished 2010/09/15 09:29:51.0968 ================================================================================ 2010/09/15 09:29:51.0984 Detected object count: 1 2010/09/15 09:30:15.0484 Locked file(sptd) - User select action: Skip

salut voici le rapport MBR MBRCheck, version 1.2.3 © 2010, AD Command-line: Windows Version: Windows XP Professional Windows Information: Service Pack 2 (build 2600) Logical Drives Mask: 0x0000001c Kernel Drivers (total 129): 0x804D7000 \WINDOWS\system32\ntkrnlpa.exe 0x806CF000 \WINDOWS\system32\hal.dll 0xF8B64000 \WINDOWS\system32\KDCOM.DLL 0xF8A74000 \WINDOWS\system32\BOOTVID.dll 0xF846A000 spvz.sys 0xF8B66000 \WINDOWS\System32\Drivers\WMILIB.SYS 0xF8452000 \WINDOWS\System32\Drivers\SCSIPORT.SYS 0xF8423000 ACPI.sys 0xF8412000 pci.sys 0xF8664000 ohci1394.sys 0xF8674000 \WINDOWS\system32\DRIVERS\1394BUS.SYS 0xF8684000 isapnp.sys 0xF8A78000 compbatt.sys 0xF8A7C000 \WINDOWS\system32\DRIVERS\BATTC.SYS 0xF8C2C000 PCIIde.sys 0xF88E4000 \WINDOWS\System32\Drivers\PCIIDEX.SYS 0xF8B68000 intelide.sys 0xF83F4000 pcmcia.sys 0xF8694000 MountMgr.sys 0xF83D5000 ftdisk.sys 0xF8B6A000 dmload.sys 0xF83AF000 dmio.sys 0xF88EC000 PartMgr.sys 0xF86A4000 VolSnap.sys 0xF8397000 atapi.sys 0xF86B4000 disk.sys 0xF86C4000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS 0xF8377000 fltMgr.sys 0xF8365000 sr.sys 0xF834E000 KSecDD.sys 0xF82C1000 Ntfs.sys 0xF8294000 NDIS.sys 0xF8279000 Mup.sys 0xF88A4000 \SystemRoot\system32\DRIVERS\intelppm.sys 0xF8244000 \SystemRoot\system32\DRIVERS\CmBatt.sys 0xF7639000 \SystemRoot\system32\DRIVERS\ati2mtag.sys 0xF7625000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS 0xF89BC000 \SystemRoot\system32\DRIVERS\usbuhci.sys 0xF7602000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0xF89C4000 \SystemRoot\system32\DRIVERS\usbehci.sys 0xF75F1000 \SystemRoot\system32\DRIVERS\sdbus.sys 0xF73D5000 \SystemRoot\system32\DRIVERS\w29n51.sys 0xF73A2000 \SystemRoot\system32\drivers\vinyl97.sys 0xF737E000 \SystemRoot\system32\drivers\portcls.sys 0xF86F4000 \SystemRoot\system32\drivers\drmk.sys 0xF735B000 \SystemRoot\system32\drivers\ks.sys 0xF8704000 \SystemRoot\system32\DRIVERS\i8042prt.sys 0xF89CC000 \SystemRoot\system32\DRIVERS\mouclass.sys 0xF89D4000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0xF8714000 \SystemRoot\system32\DRIVERS\imapi.sys 0xF8724000 \SystemRoot\system32\DRIVERS\cdrom.sys 0xF8734000 \SystemRoot\system32\DRIVERS\redbook.sys 0xF7324000 \SystemRoot\System32\Drivers\aitksaje.SYS 0xF8D00000 \SystemRoot\system32\DRIVERS\audstub.sys 0xF8744000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0xF8230000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0xF730D000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0xF8754000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0xF8764000 \SystemRoot\system32\DRIVERS\raspptp.sys 0xF8A3C000 \SystemRoot\system32\DRIVERS\TDI.SYS 0xF72FC000 \SystemRoot\system32\DRIVERS\psched.sys 0xF8774000 \SystemRoot\system32\DRIVERS\msgpc.sys 0xF8A44000 \SystemRoot\system32\DRIVERS\ptilink.sys 0xF8A4C000 \SystemRoot\system32\DRIVERS\raspti.sys 0xF72CB000 \SystemRoot\system32\DRIVERS\rdpdr.sys 0xF8784000 \SystemRoot\system32\DRIVERS\termdd.sys 0xF8BA4000 \SystemRoot\system32\DRIVERS\swenum.sys 0xF7272000 \SystemRoot\system32\DRIVERS\update.sys 0xF7A0B000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0xF8794000 \SystemRoot\System32\Drivers\NDProxy.SYS 0xF87C4000 \SystemRoot\system32\DRIVERS\usbhub.sys 0xF8BA6000 \SystemRoot\system32\DRIVERS\USBD.SYS 0xF8BBC000 \SystemRoot\System32\Drivers\Fs_Rec.SYS 0xF8DBA000 \SystemRoot\System32\Drivers\Null.SYS 0xF8BBE000 \SystemRoot\System32\Drivers\Beep.SYS 0xF890C000 \SystemRoot\System32\drivers\vga.sys 0xF8BC0000 \SystemRoot\System32\Drivers\mnmdd.SYS 0xF8BC2000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0xF8914000 \SystemRoot\System32\Drivers\Msfs.SYS 0xF891C000 \SystemRoot\System32\Drivers\Npfs.SYS 0xF8B44000 \SystemRoot\system32\DRIVERS\rasacd.sys 0xEF157000 \SystemRoot\system32\DRIVERS\ipsec.sys 0xEF0FF000 \SystemRoot\system32\DRIVERS\tcpip.sys 0xEF0D7000 \SystemRoot\system32\DRIVERS\netbt.sys 0xEF077000 \SystemRoot\System32\vsdatant.sys 0xEF055000 \SystemRoot\System32\drivers\afd.sys 0xF87F4000 \SystemRoot\system32\DRIVERS\netbios.sys 0xF892C000 \SystemRoot\system32\DRIVERS\ssmdrv.sys 0xEF00C000 \SystemRoot\system32\DRIVERS\ipnat.sys 0xF8804000 \SystemRoot\system32\DRIVERS\wanarp.sys 0xEEFE1000 \SystemRoot\system32\DRIVERS\rdbss.sys 0xEEF72000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0xF8814000 \SystemRoot\System32\Drivers\Fips.SYS 0xEEF56000 \SystemRoot\system32\DRIVERS\avipbb.sys 0xF8BC8000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys 0xF725A000 \SystemRoot\system32\DRIVERS\hidusb.sys 0xF8834000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS 0xF894C000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS 0xF8844000 \SystemRoot\System32\Drivers\Cdfs.SYS 0xF895C000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS 0xF7252000 \SystemRoot\system32\DRIVERS\mouhid.sys 0xEEF16000 \SystemRoot\System32\Drivers\dump_atapi.sys 0xF8BE2000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS 0xBF800000 \SystemRoot\System32\win32k.sys 0xF8B34000 \SystemRoot\System32\drivers\Dxapi.sys 0xF8964000 \SystemRoot\System32\watchdog.sys 0xBF000000 \SystemRoot\System32\drivers\dxg.sys 0xF8D72000 \SystemRoot\System32\drivers\dxgthk.sys 0xBF012000 \SystemRoot\System32\ati2dvag.dll 0xBF065000 \SystemRoot\System32\ati2cqag.dll 0xBF0FE000 \SystemRoot\System32\atikvmag.dll 0xBF182000 \SystemRoot\System32\atiok3x2.dll 0xBF1CD000 \SystemRoot\System32\ati3duag.dll 0xBF572000 \SystemRoot\System32\ativvaxx.dll 0xECCF3000 \SystemRoot\System32\Drivers\Fastfat.SYS 0xECB9F000 \SystemRoot\system32\DRIVERS\avgntflt.sys 0xF89FC000 \SystemRoot\system32\DRIVERS\AegisP.sys 0xECBC3000 \SystemRoot\system32\DRIVERS\s24trans.sys 0xF79FB000 \SystemRoot\system32\DRIVERS\ndisuio.sys 0xEC7CA000 \SystemRoot\system32\drivers\wdmaud.sys 0xEC97F000 \SystemRoot\system32\drivers\sysaudio.sys 0xEC680000 \SystemRoot\system32\DRIVERS\mrxdav.sys 0xF896C000 \SystemRoot\system32\DRIVERS\Ip6Fw.sys 0xEC418000 \SystemRoot\system32\DRIVERS\tcpip6.sys 0xEC399000 \SystemRoot\system32\DRIVERS\srv.sys 0xEBFE8000 \SystemRoot\System32\Drivers\HTTP.sys 0xEBC72000 \SystemRoot\system32\drivers\kmixer.sys 0x7C910000 \WINDOWS\system32\ntdll.dll 0x10000000 \Program Files\Alcohol Soft\Alcohol 120\Alcoholx.dll Processes (total 35): 0 System Idle Process 4 System 564 C:\WINDOWS\system32\smss.exe 636 csrss.exe 672 C:\WINDOWS\system32\winlogon.exe 716 C:\WINDOWS\system32\services.exe 728 C:\WINDOWS\system32\lsass.exe 896 C:\WINDOWS\system32\svchost.exe 980 svchost.exe 1024 C:\WINDOWS\system32\svchost.exe 1076 C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe 1292 C:\WINDOWS\explorer.exe 1332 svchost.exe 1396 svchost.exe 1604 C:\WINDOWS\system32\spoolsv.exe 1656 C:\Program Files\Avira\AntiVir Desktop\sched.exe 1904 svchost.exe 1960 C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe 1968 C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe 1984 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe 2000 C:\Program Files\HomePlayer\HomePlayer.exe 496 C:\Program Files\Avira\AntiVir Desktop\avguard.exe 580 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe 1200 C:\Program Files\Canon\IJPLM\ijplmsvc.exe 1344 C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe 1724 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe 1776 C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe 1836 C:\WINDOWS\system32\svchost.exe 264 C:\WINDOWS\system32\wuauclt.exe 2244 alg.exe 3380 C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe 3956 C:\Program Files\Mozilla Firefox\firefox.exe 2940 C:\Program Files\Mozilla Firefox\plugin-container.exe 3132 C:\WINDOWS\system32\wscntfy.exe 2256 C:\Documents and Settings\lolo\Bureau\MBRCheck.exe \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS) \\.\E: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (FAT32) PhysicalDrive0 Model Number: ST960822A, Rev: 8.03 PhysicalDrive1 Model Number: ST3500820AS, Rev: Size Device Name MBR Status -------------------------------------------- 55 GB \\.\PhysicalDrive0 Windows XP MBR code detected SHA1: 8637A6CD1F8DC55758E12C0B860CDE1133CA5719 465 GB \\.\PhysicalDrive1 RE: Windows XP MBR code detected SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A Done!

et voici le rapport ZHPdiag Cijoint.fr - Service gratuit de dépôt de fichiers

bon après moult heures j'ai interrompru et relancé la suppression FDK voici le rapport ############################## | FindyKill V5.050 | # User : lolo (Administrateurs) # LOLO-EEBF1AD74A # Update on 03/09/2010 by El Desaparecido # Start at: 21:31:27 | 13/09/2010 # Website : Bienvenue dans nos Pages Persos # Contact : FindyKill.Contact@gmail.com # Intel® Pentium® M processor 1.73GHz # Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2 # Internet Explorer 6.0.2900.2180 # Windows Firewall Status : Disabled # AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ] # FW : ZoneAlarm Firewall[ Enabled ]7.0.462.000 # C:\ # Disque fixe local # 52,88 Go (17,62 Go free) # NTFS # D:\ # Disque CD-ROM # E:\ # Disque fixe local # 465,7 Go (312,39 Go free) # FAT32 ################## | Eléments infectieux | Supprimé ! C:\WINDOWS\prefetch\WINUPGRO.EXE-2D513C93.pf ################## | CRC32 ... | ################## | Registre | Supprimé ! [HKCU\Software\Classes\ed2k] ################## | Etat | # Mode sans echec : OK # Affichage des fichiers cachés : OK # Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 ) # Ip6Fw -> Start = 2 ( Good = 2 | Bad = 4 ) # SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 ) # wuauserv -> Start = 2 ( Good = 2 | Bad = 4 ) # wscsvc -> Start = 2 ( Good = 2 | Bad = 4 ) ################## | Fichiers corrompus | Corrompu : C:\Program Files\Mozilla Firefox\uninstall\helper.exe [Offset = 000000E4 - Valeur = 0x0001] Corrompu : C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe [Offset = 000000FC - Valeur = 0x0001] Corrompu : C:\Program Files\Zone Labs\ZoneAlarm\repair\vsmon.exe [Offset = 0000011C - Valeur = 0x0001] Corrompu : C:\Program Files\Zone Labs\ZoneAlarm\zatutor.exe [Offset = 000000F4 - Valeur = 0x0001] Corrompu : C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe [Offset = 000000CC - Valeur = 0x0001] Corrompu : C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [Offset = 0000010C - Valeur = 0x0001] Corrompu : C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe [Offset = 000000E4 - Valeur = 0x0001] Corrompu : C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe [Offset = 000000FC - Valeur = 0x0001] Tentative de réparation... Sauvegarde : ScanningProcess.exe.REN [Offset = 000000FC - Nouvelle valeur = 0x4C01] Fichier réparé avec succès. Corrompu : C:\WINDOWS\system32\ZoneLabs\updclient.exe [Offset = 0000010C - Valeur = 0x0001] Tentative de réparation... Sauvegarde : updclient.exe.REN [Offset = 0000010C - Nouvelle valeur = 0x4C01] Fichier réparé avec succès. Corrompu : C:\WINDOWS\system32\ZoneLabs\vsmon.exe [Offset = 0000011C - Valeur = 0x0001] Tentative de réparation... Sauvegarde : vsmon.exe.REN [Offset = 0000011C - Nouvelle valeur = 0x4C01] Fichier réparé avec succès. ################## | Upload | Veuillez envoyer le fichier : C:\FindyKill_Upload_Me_LOLO-EEBF1AD74A.zip : Upload pour UsbFix, Ad-Remover & FindyKill Merci pour votre contribution . ################## | ! Fin du rapport # FindyKill V5.050 ! |

salut (j'étais en discussion avec appolo) donc j'en suis à FDK qui est censé supprimer les infections mais qui à l'heure actuelle est bloqué sur la fenêtre "nettoyage des fichiers temporaires" et à 50% du scan progress que dois je faire? merci

c'est confirmé, c'est bloqué ça bouge plus.... je clique sur annuler on verra bien .... voilà il me reste que la fenêtre fdk avec "nettoyage des fichiers temporaires...veuillez patienter...." donc je patiente...

coucou on dirait que fdk est bloqué sur le nettoyage des fichiers temporaires la fenêtre nettoyage de disque de xp est ouverte avec" le Nettoyage de disque calcule la quantité d'espace pouvant être libéré ... sur le disque E:...." la barre d'avancement est en calcul..... et bloqué à peu près à 90% ça a pas l'air de bouger je peux cliquer sur annuler ... je fais quoi?

bizarre revo uninstaller ne voit pas ZA dans les programmes désinstallables pourtant dans démarrer/tous les programmes/ j'ai bien zonealarm ???

ok voici le rapport ############################## | FindyKill V5.050 | # User : lolo (Administrateurs) # LOLO-EEBF1AD74A # Update on 03/09/2010 by El Desaparecido # Start at: 11:15:39 | 13/09/2010 # Website : http://pagesperso-orange.fr/NosTools/index.html # Contact : FindyKill.Contact@gmail.com # Intel® Pentium® M processor 1.73GHz # Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2 # Internet Explorer 6.0.2900.2180 # Windows Firewall Status : Disabled # AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ] # FW : ZoneAlarm Firewall[ Enabled ]7.0.462.000 # C:\ # Disque fixe local # 52,88 Go (17,66 Go free) # NTFS # D:\ # Disque CD-ROM # E:\ # Disque fixe local # 465,7 Go (312,39 Go free) # FAT32 ################## | Eléments infectieux | C:\WINDOWS\prefetch\WINUPGRO.EXE-2D513C93.pf ################## | Registre | [HKCU\Software\Classes\ed2k] [HKCR\ed2k] ################## | Etat | # Affichage des fichiers cachés : OK # Mode sans echec : OK # Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 ) # Ip6Fw -> Start = 2 ( Good = 2 | Bad = 4 ) # SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 ) # wuauserv -> Start = 2 ( Good = 2 | Bad = 4 ) # wscsvc -> Start = 2 ( Good = 2 | Bad = 4 ) ################## | ! Fin du rapport # FindyKill V5.050 ! |

salut appolo voici mon lien pour l'achat du CD xp Windows XP Edition Familial cd Informatique Vaucluse - leboncoin.fr kasper a fini de bosser et y'a pas grand chose dans le rapport on dirait le voici en intégralité 12/09/2010 18:24:39 Task started 12/09/2010 19:33:26 Detected: Trojan-Downloader.Win32.Bagle.dsg C:\FyK\Quarantine\C\Documents and Settings\lolo\Application Data\m\data.oct.FindyKill 12/09/2010 20:05:12 Deleted: Trojan-Downloader.Win32.Bagle.dsg C:\FyK\Quarantine\C\Documents and Settings\lolo\Application Data\m\data.oct.FindyKill 12/09/2010 22:44:18 Task completed par contre au niveau ZA toujours impossible de lancer ou désinstaller et la connexion internet c'est pareil elle ne tient que qq minutes....

effectivement il fouille le kasper 42% en 2h40 héhé bon je posterai le rapport demain merci mille fois apollo je crois que j'ai trouvé un XP d'occase pas très cher à demain

ok bon kaspersky bosse....j'attend...dis donc il va pas vite le père ... ça finira surement demain matin je regarde si je peux trouver un xp pas trop cher d'occase mais y'a pas d'histoire qu'on ne peut l'installer qu'une fois?

ok tu suggères donc qu'un reformatage est envisageable si ça marche pas ...pas de pb j'essaie tout ça j'ai le mac de ma femme (l'ordinateur bien sur ) pour lire ta procédure merci encore te tiens au courant

voici le rapport combo niveau ZA tjs pareil ComboFix 10-09-11.03 - lolo 12/09/2010 15:42:24.4.1 - x86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.511.224 [GMT 2:00] Lancé depuis: c:\documents and settings\lolo\Bureau\plop.exe AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B} . ((((((((((((((((((((((((((((( Fichiers créés du 2010-08-12 au 2010-09-12 )))))))))))))))))))))))))))))))))))) . 2010-09-12 11:05 . 2009-11-25 10:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2010-09-12 11:05 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys 2010-09-12 11:05 . 2009-02-13 10:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2010-09-12 11:05 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2010-09-12 11:05 . 2010-09-12 11:05 -------- d-----w- c:\program files\Avira 2010-09-12 11:05 . 2010-09-12 11:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2010-09-11 16:08 . 2010-09-12 10:54 -------- d-----w- C:\UsbFix 2010-09-11 15:38 . 2010-09-11 15:38 1068 ----a-w- C:\FindyKill_Upload_Me_LOLO-EEBF1AD74A.zip 2010-09-10 17:12 . 2010-09-10 17:12 388096 ----a-r- c:\documents and settings\lolo\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2010-09-10 17:12 . 2010-09-10 17:12 -------- d-----w- c:\program files\Trend Micro 2010-09-10 16:32 . 2010-09-10 15:44 70656 -c--a-w- c:\windows\system32\dllcache\sysinfo.exe.REN 2010-09-10 16:32 . 2010-09-10 15:44 15360 -c--a-w- c:\windows\system32\dllcache\register.exe.REN 2010-09-10 15:57 . 2010-09-12 10:52 -------- d-----w- C:\FyK 2010-09-09 20:36 . 2010-09-10 05:36 -------- d-----w- c:\windows\BDOSCAN8 2010-09-08 20:17 . 2010-09-09 18:00 -------- d-----w- c:\documents and settings\lolo\Application Data\vlc 2010-09-08 20:05 . 2010-09-08 20:05 -------- d-----w- c:\program files\Windows Media Connect 2 2010-09-08 20:02 . 2010-09-08 20:03 -------- d-----w- c:\windows\system32\drivers\UMDF 2010-09-08 18:34 . 2009-10-13 14:42 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(5).sys 2010-09-08 18:34 . 2009-10-13 14:42 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(4).sys 2010-09-08 18:34 . 2009-10-13 14:42 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(3).sys 2010-09-08 18:34 . 2009-10-13 14:42 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(2).sys 2010-09-08 18:33 . 2009-10-13 14:42 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(1).sys 2010-09-08 17:45 . 2010-09-09 18:30 -------- d-----w- c:\program files\Fichiers communs\Common Share 2010-09-08 17:44 . 2010-09-08 17:52 -------- d-----w- c:\program files\Ripp-it_AM 2010-09-08 16:59 . 2010-09-08 17:11 -------- d-----w- c:\program files\WinAVI MP4 Converter 2010-09-08 16:42 . 2010-09-08 16:42 -------- d-----w- c:\program files\OJOsoft 2010-09-08 16:42 . 2008-12-18 11:38 499712 ----a-w- c:\windows\system32\msvcp71.dll 2010-09-08 16:42 . 2008-12-18 11:38 348160 ----a-w- c:\windows\system32\msvcr71.dll 2010-09-08 16:42 . 2008-12-18 11:38 1060864 ----a-w- c:\windows\system32\mfc71.dll 2010-09-08 16:25 . 2010-09-08 16:26 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJMyPrinter 2010-09-08 15:43 . 2010-09-08 15:43 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJ 2010-09-08 15:38 . 2010-09-08 15:38 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJScan 2010-09-08 15:37 . 2010-09-08 15:38 -------- d-----w- c:\documents and settings\lolo\Application Data\Canon 2010-09-08 15:37 . 2010-09-08 17:12 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJPLM 2010-09-08 15:35 . 2009-04-21 03:20 74752 ----a-w- c:\documents and settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP270 series Printer\LanguageModules\040b\CNMsr9X.dll 2010-09-08 15:30 . 2010-09-08 15:30 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonBJ 2010-09-08 15:29 . 2010-09-08 15:29 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information 2010-09-08 15:29 . 2009-02-04 13:17 90112 ----a-w- c:\windows\system32\CNC270O.dll 2010-09-08 15:29 . 2009-03-18 09:09 178176 ----a-w- c:\windows\system32\CNMIU9X.DLL 2010-09-08 15:29 . 2010-09-08 15:29 -------- d--h--w- c:\program files\CanonBJ 2010-09-08 14:53 . 2010-09-08 14:53 -------- d-----w- c:\documents and settings\lolo\Local Settings\Application Data\ATI 2010-09-08 14:53 . 2010-09-08 14:53 -------- d-----w- c:\documents and settings\lolo\Application Data\ATI 2010-09-03 17:08 . 2010-09-04 14:59 -------- d-----w- c:\documents and settings\lolo\.moovida 2010-09-03 16:44 . 2010-09-03 16:44 -------- d-----w- c:\program files\MSXML 4.0 2010-09-01 17:11 . 2010-09-01 17:24 -------- d-----w- c:\documents and settings\lolo\Application Data\Nero 2010-09-01 16:08 . 2010-09-01 16:25 -------- d-----w- c:\program files\Nero 2010-09-01 16:07 . 2010-09-01 16:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero 2010-09-01 16:07 . 2010-09-01 16:26 -------- d-----w- c:\program files\Fichiers communs\Nero 2010-08-31 19:56 . 2010-08-31 20:58 -------- d-----w- c:\program files\SlySoft 2010-08-31 18:55 . 2010-08-31 18:55 -------- d-----w- c:\program files\MSECache 2010-08-31 18:42 . 2010-08-31 18:42 -------- d-----w- c:\program files\Alcohol Soft 2010-08-31 18:31 . 2010-08-31 18:31 697328 ----a-w- c:\windows\system32\drivers\sptd.sys 2010-08-30 22:22 . 2010-09-08 20:02 -------- d-----w- c:\windows\system32\LogFiles 2010-08-28 17:22 . 2010-08-28 17:22 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe 2010-08-28 17:22 . 2010-09-12 12:30 -------- d-----w- c:\documents and settings\LocalService\Bureau 2010-08-28 17:16 . 2010-09-01 17:16 64888 ----a-w- c:\documents and settings\lolo\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-08-28 11:16 . 2010-08-28 11:17 -------- d-----w- c:\documents and settings\lolo\Application Data\Notepad++ 2010-08-28 11:16 . 2010-08-28 11:16 -------- d-----w- c:\program files\Notepad++ 2010-08-13 13:59 . 2004-03-22 13:17 25840 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll 2010-08-13 13:59 . 2004-03-22 13:17 24816 ----a-w- c:\windows\system32\mdimon.dll 2010-08-13 13:59 . 2010-08-13 13:59 -------- d-----w- c:\program files\Microsoft.NET 2010-08-13 13:56 . 2010-08-13 13:58 -------- d-----w- c:\program files\Microsoft Office 2003 . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2010-09-10 16:51 . 2001-08-28 12:00 72564 ----a-w- c:\windows\system32\perfc00C.dat 2010-09-10 16:51 . 2001-08-28 12:00 461642 ----a-w- c:\windows\system32\perfh00C.dat 2010-09-09 20:20 . 2010-06-10 16:22 -------- d-----w- c:\program files\AtomixMP3 2010-09-09 20:20 . 2010-05-15 17:24 -------- d-----w- c:\program files\IKEA HomePlanner 2010-09-09 20:11 . 2010-04-07 16:51 -------- d-----w- c:\documents and settings\lolo\Application Data\OfferBox 2010-09-09 18:31 . 2010-03-19 16:59 140852 --sha-w- c:\windows\system32\drivers\fidbox.idx 2010-09-09 18:31 . 2010-03-19 16:59 11927584 --sha-w- c:\windows\system32\drivers\fidbox.dat 2010-09-09 18:29 . 2010-03-28 11:35 -------- d-----w- c:\program files\ma-config.com 2010-09-09 18:29 . 2010-03-28 11:35 -------- d-----w- c:\documents and settings\All Users\Application Data\ma-config.com 2010-09-08 22:13 . 2010-03-19 21:41 -------- d-----w- c:\program files\eMule 2010-09-08 20:14 . 2010-04-07 16:30 -------- d-----w- c:\program files\VideoLAN 2010-09-08 19:56 . 2010-09-04 15:17 -------- d-----w- c:\program files\Fluendo 2010-09-08 19:55 . 2010-09-04 15:27 -------- d-----w- c:\documents and settings\lolo\Application Data\moovida-1 2010-09-08 16:24 . 2010-09-08 16:25 1412608 ----a-w- c:\windows\Internet Logs\xDB9.tmp 2010-09-08 16:24 . 2010-09-08 16:25 4146688 ----a-w- c:\windows\Internet Logs\xDB8.tmp 2010-09-08 15:37 . 2010-09-08 14:24 -------- d-----w- c:\program files\Canon 2010-09-08 14:53 . 2010-09-08 14:53 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI 2010-09-08 14:39 . 2010-09-08 14:39 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJEGV 2010-09-03 17:09 . 2010-09-03 17:09 -------- d-----w- c:\documents and settings\lolo\Application Data\Python-Eggs 2010-08-30 22:09 . 2010-03-28 11:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2010-06-14 14:30 . 2010-03-18 14:38 743936 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe . ------- Sigcheck ------- [-] 2008-05-02 . 3224132B659B0D36594BB686D144D9C0 . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll [-] 2008-04-14 . E17C85D5B5CF477638433B851A98499E . 1571840 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\sfcfiles.dll . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-03-06 819200] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-03-06 970752] "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-09-10 919016] "HomePlayer"="c:\program files\HomePlayer\HomePlayer.exe" [2007-11-06 294912] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide_3"="advpack.dll" [2004-08-19 101888] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2010-06-09 08:06 976832 ----a-w- c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDeck] 2007-08-09 13:48 528384 ----a-r- c:\program files\VIA\VIAudioi\SBADeck\ADeck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter] 2009-07-27 02:10 1983816 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2004-10-13 16:24 1694208 ----a-w- c:\program files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC] 2009-09-29 20:13 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Moovida\\moovida.exe"= "c:\\Program Files\\HomePlayer\\HomePlayer.exe"= "c:\\Program Files\\HomePlayer\\VLC\\vlc.exe"= R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [12/09/2010 13:05 108289] S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [08/09/2010 20:33 25704] S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [08/09/2010 20:34 25704] S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [08/09/2010 20:34 25704] S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [08/09/2010 20:34 25704] S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [08/09/2010 20:34 25704] S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [31/08/2010 20:31 697328] . . ------- Examen supplémentaire ------- . IE: E&xporter vers Microsoft Excel - c:\progra~1\MI699F~1\OFFICE11\EXCEL.EXE/3000 DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.zebulon.fr/scan8/oscan8.cab FF - ProfilePath - c:\documents and settings\lolo\Application Data\Mozilla\Firefox\Profiles\qn1cnc91.default\ FF - prefs.js: browser.startup.homepage - yahoo.fr FF - component: c:\documents and settings\lolo\Application Data\Mozilla\Firefox\Profiles\qn1cnc91.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll FF - plugin: c:\program files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL ---- PARAMETRES FIREFOX ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2010-09-12 15:47 Windows 5.1.2600 Service Pack 2 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(660) c:\windows\system32\Ati2evxx.dll . Heure de fin: 2010-09-12 15:50:29 ComboFix-quarantined-files.txt 2010-09-12 13:50 Avant-CF: 18 953 469 952 octets libres Après-CF: 18 948 800 512 octets libres - - End Of File - - 8D19AA839AE1F85FA115B5C4A77E9195 merci