

soulatp
[Solved] Intrusion attempt
soulatp replied to soulatp's topic in Malware analysis and removal
Hello, there we go: I have uninstalled everything and everything is clean. I have automated the detection of JAVA updates. We are thinking of replacing this computer in a few months; the new one will come with an unmodified Windows 7, and I promise I won't touch anything. Regarding your advice about the PRO version of Malwarebytes' Anti-Malware, is it wise to leave two "antivirus" programs running? Won't they conflict, given that NOD32 also blocks malware? In terms of the computer's resources, won't that be too demanding? In the meantime, all that remains is to thank you again, Mark, and the whole team for the help you give us. ++
[Solved] Intrusion attempt
soulatp replied to soulatp's topic in Malware analysis and removal
Hello Mark, I'm happy to tell you that the machine is working perfectly well. See you later.
[Solved] Intrusion attempt
soulatp replied to soulatp's topic in Malware analysis and removal
And as you know it is very late on our side; I'll check the computer's behaviour tomorrow and report back here. Have a good evening, and a thousand thanks again. ++
[Solved] Intrusion attempt
soulatp replied to soulatp's topic in Malware analysis and removal
All the programs are working normally again, phew!!!! Do I need to carry out any other steps?
[Solved] Intrusion attempt
soulatp replied to soulatp's topic in Malware analysis and removal
Fortunately we have 2 PCs at home. 1) Indeed, uTorrent was installed by my son. 2) I can no longer run anything on the infected PC. Example: opening Explorer >>>> "Tentative d'opération non autorisée sur une clé de registre marquée pour suppression"; opening Internet Explorer >>>> "C:\chemin\internet explorer.lnk Tentative d'opération non autorisée sur une clé de registre marquée pour suppression". Every program I try to launch gives me the same error message. Here is the scan result anyway:

ComboFix 11-02-17.02 - leden 18/02/2011 23:19:55.3.2 - x86
Microsoft Windows 7 Professionnel 6.1.7600.0.1252.33.1036.18.2814.1776 [GMT 1:00]
Lancé depuis: c:\users\leden\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\users\leden\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\uTorrentBar_FR
c:\program files\uTorrentBar_FR\GottenAppsContextMenu.xml
c:\program files\uTorrentBar_FR\INSTALL.LOG
c:\program files\uTorrentBar_FR\OtherAppsContextMenu.xml
c:\program files\uTorrentBar_FR\SharedAppsContextMenu.xml
c:\program files\uTorrentBar_FR\tbuTo0.dll
c:\program files\uTorrentBar_FR\tbuTo1.dll
c:\program files\uTorrentBar_FR\tbuTor.dll
c:\program files\uTorrentBar_FR\toolbar.cfg
c:\program files\uTorrentBar_FR\ToolbarContextMenu.xml
c:\program files\uTorrentBar_FR\UNWISE.EXE
c:\program files\uTorrentBar_FR\UNWISE.INI
c:\program files\uTorrentBar_FR\uTorrentBar_FRToolbarHelper.exe
c:\users\leden\AppData\Roaming\94B6A705FFFE108827692408EB1A9299
c:\users\leden\AppData\Roaming\94B6A705FFFE108827692408EB1A9299\lpppatch70700reg.exe
.
((((((((((((((((((((((((((((( Fichiers créés du 2011-01-18 au 2011-02-18 ))))))))))))))))))))))))))))))))))))
.
2011-02-18 22:23 . 2011-02-18 22:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-18 18:50 . 2011-02-18 22:25 -------- d-----w- c:\users\leden\AppData\Local\temp
2011-02-18 18:42 . 2011-02-18 18:42 -------- d-----w- c:\program files\Common Files\Java
2011-02-18 18:41 . 2011-02-18 18:41 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-02-18 18:41 . 2011-02-18 18:41 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-18 18:41 . 2011-02-18 18:41 -------- d-----w- c:\program files\Java
2011-02-17 23:46 . 2011-02-17 23:46 406528 ----a-w- c:\windows\system32\ReWire.dll
2011-02-17 23:46 . 2011-02-17 23:46 338432 ----a-w- c:\windows\system32\REX Shared Library.dll
2011-02-17 23:42 . 2011-02-17 23:46 -------- d-----w- c:\programdata\Propellerhead Software
2011-02-17 23:42 . 2011-02-17 23:47 -------- d-----w- c:\users\leden\AppData\Roaming\Propellerhead Software
2011-02-17 23:36 . 2011-02-17 23:36 -------- d-----w- c:\program files\Propellerhead
2011-02-17 13:21 . 2011-02-17 13:21 -------- d-----w- c:\program files\ZHPFix
2011-02-15 17:56 . 2011-02-11 20:00 797441 ----a-w- c:\program files\Mozilla Firefox\PiroxFishBot.exe
2011-02-11 11:35 . 2011-02-11 11:35 -------- d-----w- c:\program files\Defraggler
2011-02-10 21:44 . 2011-02-10 21:44 -------- d-----w- c:\program files\Recuva
2011-02-10 10:43 . 2011-02-10 10:43 -------- d-----w- c:\users\leden\AppData\Local\TouchStoneSoftware
2011-02-10 10:43 . 2011-02-10 10:43 -------- d-----w- c:\program files\TouchStoneSoftware
2011-02-06 13:32 . 2009-10-10 02:57 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2011-02-03 23:23 . 2011-02-03 23:23 -------- d-----w- c:\program files\Acunetix
2011-02-03 20:20 . 2011-02-04 18:42 -------- d-----w- c:\users\leden\AppData\Roaming\RIFT
2011-01-31 00:16 . 2011-01-31 00:16 -------- d-----w- c:\users\leden\AppData\Roaming\SUPERAntiSpyware.com
2011-01-31 00:16 . 2011-01-31 00:16 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-01-31 00:16 . 2011-01-31 00:16 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-01-26 17:27 . 2011-01-31 00:20 -------- d-----w- c:\program files\IDoser v4
2011-01-26 17:15 . 2011-01-26 17:15 -------- d-----w- c:\program files\Osmos
2011-01-21 11:45 . 2011-01-21 11:45 -------- d-----w- c:\program files\Digital Photo Software
2011-01-21 11:45 . 2010-07-01 02:32 67312 ----a-w- c:\windows\UnDeployV.exe
2011-01-19 23:25 . 2011-01-19 23:25 -------- d-----w- c:\windows\system32\Wat
2011-01-19 23:19 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe
2011-01-19 23:19 . 2010-03-04 03:57 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2011-01-19 23:17 . 2010-08-27 03:31 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2011-01-19 23:17 . 2010-08-27 05:46 168448 ----a-w- c:\windows\system32\srvsvc.dll
2011-01-19 23:17 . 2010-08-27 03:30 308736 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-01-19 23:17 . 2010-08-27 03:30 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-01-19 23:17 . 2010-04-07 07:10 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-01-19 23:17 . 2010-10-16 04:41 101760 ----a-w- c:\windows\system32\consent.exe
2011-01-19 23:15 . 2010-10-19 08:10 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2011-01-19 22:32 . 2011-01-19 22:32 388096 ----a-r- c:\users\leden\AppData\Roaming\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2011-01-19 22:32 . 2011-01-19 22:32 -------- d-----w- c:\program files\TrendMicro
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-26 17:15 . 2010-10-11 13:27 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2011-01-26 17:15 . 2010-10-11 13:27 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-01-17 21:43 . 2011-01-17 21:43 34064 ----a-w- c:\windows\system32\lhacm.acm
2011-01-08 03:27 . 2011-02-04 01:07 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2011-01-08 03:27 . 2010-12-10 18:35 5653096 ----a-w- c:\windows\system32\nvwgf2um.dll
2011-01-08 03:27 . 2010-12-10 18:35 1965672 ----a-w- c:\windows\system32\nvapi.dll
2011-01-08 03:27 . 2010-12-10 18:35 10078312 ----a-w- c:\windows\system32\nvd3dum.dll
2011-01-07 20:06 . 2011-01-07 20:06 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-01-07 20:06 . 2011-01-07 20:06 3597416 ----a-w- c:\windows\system32\nvcpl.dll
2011-01-07 20:06 . 2011-01-07 20:06 2620520 ----a-w- c:\windows\system32\nvsvc.dll
2011-01-07 20:06 . 2011-01-07 20:06 608872 ----a-w- c:\windows\system32\nvvsvc.exe
2011-01-07 20:06 . 2011-01-07 20:06 2558568 ----a-w- c:\windows\system32\nvsvcr.dll
2011-01-07 20:06 . 2011-01-07 20:06 111208 ----a-w- c:\windows\system32\nvmctray.dll
2010-12-20 17:09 . 2010-12-25 21:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2010-12-25 21:22 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-01 21:36 . 2010-12-01 21:36 35322368 ----a-w- c:\windows\system32\Snow Village 3D Screensaver.exe
2010-12-01 21:36 . 2010-12-01 21:36 921600 ----a-w- c:\windows\system32\Snow_Village_3D_Screensaver.scr
.
------- Sigcheck -------
[-] 2010-03-16 . 076563AA6ABEF78A850D7C7465BD5365 . 2614272 . . [6.1.7600.16385] . . c:\windows\explorer.exe
[7] 2010-03-16 . 2626FC9755BE22F805D3CFA0CE3EE727 . 2614272 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[7] 2010-03-16 . C76153C7ECA00FA852BB0C193378F917 . 2614272 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
[7] 2010-03-16 . B95EEB0F4E5EFBF1038A35B3351CF047 . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[7] 2010-03-16 . 9FF6C4C91A3711C0A3B18F87B08B518D . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[7] 2009-07-14 . 15BC38A7492BEFE831966ADB477CF76F . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-11-16 2054360]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"BigDogPath"="c:\windows\VM301Snap.exe" [2007-03-27 49152]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE}"= "c:\program files\GPSoftware\Directory Opus\dopuslib.dll" [2010-01-08 836056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Domino]
2006-07-04 13:16 49152 ----a-w- c:\windows\Domino.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
2009-12-16 12:12 337808 ----a-w- c:\program files\Eraser\Eraser.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileZilla Server Interface]
2010-07-18 21:27 1258496 ----a-w- c:\program files\FileZilla Server\FileZilla Server Interface.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 20:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 cpuz134;cpuz134;c:\windows\TEMP\cpuz134\cpuz134_x32.sys [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-07-15 14216]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-07-15 8456]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [x]
R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2010-09-12 251248]
R3 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-01-27 50704]
R3 rt61x86;802.11g Wireless Driver RT61;c:\windows\system32\DRIVERS\netr61.sys [x]
R3 RTL8187B;Carte réseau USB 2.0 Realtek RTL8187B sans fil 802.11b/g 54 Mbits/s;c:\windows\system32\DRIVERS\RTL8187B.sys [2009-07-13 347136]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-19 1343400]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-08-07 691696]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-11-16 108792]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-11-16 735960]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-11-16 95896]
S2 FlexService;Remote Connections Service;c:\program files\RapidBIT\cisvc.exe [2009-05-17 41984]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-11-11 122984]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-30 187392]

NETSVCS DOIT ÊTRE RÉPARÉ - liste des éléments présents
AeLookupSvc CertPropSvc SCPolicySvc lanmanserver gpsvc IKEEXT AudioSrv FastUserSwitchingCompatibility Ias Irmon Nla Ntmssvc NWCWorkstation Nwsapagent Rasauto Rasman Remoteaccess SENS Sharedaccess SRService Tapisrv Wmi WmdmPmSp TermService wuauserv BITS ShellHWDetection LogonHours PCAudit helpsvc uploadmgr iphlpsvc seclogon AppInfo msiscsi MMCSS wercplsupport EapHost ProfSvc schedule hkmsvc SessionEnv winmgmt browser Themes BDESVC AppMgmt ? r ? k ? i ? ? ? 8 ? a ? m ? ? ? o ? 2 ? . ? ? ? / ? p ? ? ? c ? u ? ? ? > ? d ? s ? l ? n ? ? ? C ? ? = ? r ? ] ? i ? ? ? 3 ? a ? h ? ? ? o ? % ? ' ? V ? ? < ? p ? ? c ? y ? ?
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
------- Examen supplémentaire -------
.
TCP: {0A8050FA-738A-40A9-ACEC-ADF918AA7A6C} = 109.0.66.70,109.0.66.20
FF - ProfilePath - c:\users\leden\AppData\Roaming\Mozilla\Firefox\Profiles\s4ngtjwc.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: uTorrentBar_FR Community Toolbar: {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} - %profile%\extensions\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0a,ea,0d,58,4b,ef,77,44,a5,6c,70,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0a,ea,0d,58,4b,ef,77,44,a5,6c,70,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'Explorer.exe'(2128)
c:\program files\TrueLaunchBar\tlb.dll
c:\program files\TrueLaunchBar\plugins\drvspace\drvspace.dll
c:\program files\TrueLaunchBar\plugins\netmon\netmon.dll
c:\program files\TrueLaunchBar\plugins\volctl\volctrl.dll
c:\program files\GPSoftware\Directory Opus\dopuslib.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\NvXDSync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\wbem\WmiApSrv.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Heure de fin: 2011-02-18 23:27:08 - La machine a redémarré
ComboFix-quarantined-files.txt 2011-02-18 22:27
ComboFix2.txt 2011-02-18 18:54
ComboFix3.txt 2011-02-17 23:28
Avant-CF: 82 307 870 720 octets libres
Après-CF: 82 265 292 800 octets libres
- - End Of File - - DBAE0D874487BBF1B455D12DC63578E1
[Solved] Intrusion attempt
soulatp replied to soulatp's topic in Malware analysis and removal
So, about the uTorrent bar, which got onto my PC I'm not quite sure how: I really wanted to uninstall it, but I get this message: "C:\program files\utorrentBar_FR\UNWISE.Exe tentative d'opération non autorisée sur une clé de Registre marquée pour Suppression". Otherwise, here is the ComboFix report:

ComboFix 11-02-17.02 - leden 18/02/2011 19:47:17.2.2 - x86
Microsoft Windows 7 Professionnel 6.1.7600.0.1252.33.1036.18.2814.1894 [GMT 1:00]
Lancé depuis: c:\users\leden\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\users\leden\Desktop\CFscript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Un nouveau point de restauration a été créé

FILE ::
"c:\windows\system32\alk553F.tmp"
"c:\windows\temp\nxiq\setup.exe"
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\ConduitEngine
c:\program files\ConduitEngine\appContextMenu.xml
c:\program files\ConduitEngine\ConduitEngin0.dll
c:\program files\ConduitEngine\ConduitEngine.dll
c:\program files\ConduitEngine\ConduitEngineHelper.exe
c:\program files\ConduitEngine\ConduitEngineUninstall.exe
c:\program files\ConduitEngine\engineContextMenu.xml
c:\program files\ConduitEngine\EngineSettings.json
c:\program files\ConduitEngine\INSTALL.LOG
c:\program files\ConduitEngine\toolbar.cfg
c:\programdata\Desktop
c:\windows\system32\alk553F.tmp
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_AMService

((((((((((((((((((((((((((((( Fichiers créés du 2011-01-18 au 2011-02-18 ))))))))))))))))))))))))))))))))))))
.
2011-02-18 18:50 . 2011-02-18 18:52 -------- d-----w- c:\users\leden\AppData\Local\temp
2011-02-18 18:50 . 2011-02-18 18:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-18 18:42 . 2011-02-18 18:42 -------- d-----w- c:\program files\Common Files\Java
2011-02-18 18:41 . 2011-02-18 18:41 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-02-18 18:41 . 2011-02-18 18:41 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-18 18:41 . 2011-02-18 18:41 -------- d-----w- c:\program files\Java
2011-02-17 23:46 . 2011-02-17 23:46 406528 ----a-w- c:\windows\system32\ReWire.dll
2011-02-17 23:46 . 2011-02-17 23:46 338432 ----a-w- c:\windows\system32\REX Shared Library.dll
2011-02-17 23:42 . 2011-02-17 23:46 -------- d-----w- c:\programdata\Propellerhead Software
2011-02-17 23:42 . 2011-02-17 23:47 -------- d-----w- c:\users\leden\AppData\Roaming\Propellerhead Software
2011-02-17 23:36 . 2011-02-17 23:36 -------- d-----w- c:\program files\Propellerhead
2011-02-17 13:21 . 2011-02-17 13:21 -------- d-----w- c:\program files\ZHPFix
2011-02-15 17:56 . 2011-02-11 20:00 797441 ----a-w- c:\program files\Mozilla Firefox\PiroxFishBot.exe
2011-02-11 11:35 . 2011-02-11 11:35 -------- d-----w- c:\program files\Defraggler
2011-02-10 21:44 . 2011-02-10 21:44 -------- d-----w- c:\program files\Recuva
2011-02-10 10:43 . 2011-02-10 10:43 -------- d-----w- c:\users\leden\AppData\Local\TouchStoneSoftware
2011-02-10 10:43 . 2011-02-10 10:43 -------- d-----w- c:\program files\TouchStoneSoftware
2011-02-06 13:32 . 2009-10-10 02:57 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2011-02-03 23:23 . 2011-02-03 23:23 -------- d-----w- c:\program files\Acunetix
2011-02-03 20:20 . 2011-02-04 18:42 -------- d-----w- c:\users\leden\AppData\Roaming\RIFT
2011-01-31 00:16 . 2011-01-31 00:16 -------- d-----w- c:\users\leden\AppData\Roaming\SUPERAntiSpyware.com
2011-01-31 00:16 . 2011-01-31 00:16 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-01-31 00:16 . 2011-01-31 00:16 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-01-26 17:27 . 2011-01-31 00:20 -------- d-----w- c:\program files\IDoser v4
2011-01-26 17:15 . 2011-01-26 17:15 -------- d-----w- c:\program files\Osmos
2011-01-21 11:45 . 2011-01-21 11:45 -------- d-----w- c:\program files\Digital Photo Software
2011-01-21 11:45 . 2010-07-01 02:32 67312 ----a-w- c:\windows\UnDeployV.exe
2011-01-19 23:25 . 2011-01-19 23:25 -------- d-----w- c:\windows\system32\Wat
2011-01-19 23:19 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe
2011-01-19 23:19 . 2010-03-04 03:57 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2011-01-19 23:17 . 2010-08-27 03:31 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2011-01-19 23:17 . 2010-08-27 05:46 168448 ----a-w- c:\windows\system32\srvsvc.dll
2011-01-19 23:17 . 2010-08-27 03:30 308736 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-01-19 23:17 . 2010-08-27 03:30 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-01-19 23:17 . 2010-04-07 07:10 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-01-19 23:17 . 2010-10-16 04:41 101760 ----a-w- c:\windows\system32\consent.exe
2011-01-19 23:15 . 2010-10-19 08:10 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2011-01-19 22:32 . 2011-01-19 22:32 388096 ----a-r- c:\users\leden\AppData\Roaming\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2011-01-19 22:32 . 2011-01-19 22:32 -------- d-----w- c:\program files\TrendMicro
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-26 17:15 . 2010-10-11 13:27 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2011-01-26 17:15 . 2010-10-11 13:27 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-01-17 21:43 . 2011-01-17 21:43 34064 ----a-w- c:\windows\system32\lhacm.acm
2011-01-08 03:27 . 2011-02-04 01:07 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2011-01-08 03:27 . 2010-12-10 18:35 5653096 ----a-w- c:\windows\system32\nvwgf2um.dll
2011-01-08 03:27 . 2010-12-10 18:35 1965672 ----a-w- c:\windows\system32\nvapi.dll
2011-01-08 03:27 . 2010-12-10 18:35 10078312 ----a-w- c:\windows\system32\nvd3dum.dll
2011-01-07 20:06 . 2011-01-07 20:06 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-01-07 20:06 . 2011-01-07 20:06 3597416 ----a-w- c:\windows\system32\nvcpl.dll
2011-01-07 20:06 . 2011-01-07 20:06 2620520 ----a-w- c:\windows\system32\nvsvc.dll
2011-01-07 20:06 . 2011-01-07 20:06 608872 ----a-w- c:\windows\system32\nvvsvc.exe
2011-01-07 20:06 . 2011-01-07 20:06 2558568 ----a-w- c:\windows\system32\nvsvcr.dll
2011-01-07 20:06 . 2011-01-07 20:06 111208 ----a-w- c:\windows\system32\nvmctray.dll
2010-12-20 17:09 . 2010-12-25 21:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2010-12-25 21:22 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-01 21:36 . 2010-12-01 21:36 35322368 ----a-w- c:\windows\system32\Snow Village 3D Screensaver.exe
2010-12-01 21:36 . 2010-12-01 21:36 921600 ----a-w- c:\windows\system32\Snow_Village_3D_Screensaver.scr
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\users\leden\AppData\Roaming\94B6A705FFFE108827692408EB1A9299 ----

2011-01-16 12:07 . 2011-01-16 12:12 1044480 ----a-w- c:\users\leden\AppData\Roaming\94B6A705FFFE108827692408EB1A9299\lpppatch70700reg.exe

------- Sigcheck -------
[-] 2010-03-16 . 076563AA6ABEF78A850D7C7465BD5365 . 2614272 . . [6.1.7600.16385] . . c:\windows\explorer.exe
[7] 2010-03-16 . 2626FC9755BE22F805D3CFA0CE3EE727 . 2614272 . . [6.1.7600.16450] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[7] 2010-03-16 . C76153C7ECA00FA852BB0C193378F917 . 2614272 . . [6.1.7600.20563] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
[7] 2010-03-16 . B95EEB0F4E5EFBF1038A35B3351CF047 . 2613248 . . [6.1.7600.16404] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[7] 2010-03-16 . 9FF6C4C91A3711C0A3B18F87B08B518D . 2613248 . . [6.1.7600.20500] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[7] 2009-07-14 . 15BC38A7492BEFE831966ADB477CF76F . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}"= "c:\program files\uTorrentBar_FR\tbuTo1.dll" [2011-01-19 3911776]

[HKEY_CLASSES_ROOT\clsid\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}]
2011-01-19 11:42 3911776 ----a-w- c:\program files\uTorrentBar_FR\tbuTo1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}"= "c:\program files\uTorrentBar_FR\tbuTo1.dll" [2011-01-19 3911776]

[HKEY_CLASSES_ROOT\clsid\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E}"= "c:\program files\uTorrentBar_FR\tbuTo1.dll" [2011-01-19 3911776]

[HKEY_CLASSES_ROOT\clsid\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-11-16 2054360]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"BigDogPath"="c:\windows\VM301Snap.exe" [2007-03-27 49152]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE}"= "c:\program files\GPSoftware\Directory Opus\dopuslib.dll" [2010-01-08 836056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Domino]
2006-07-04 13:16 49152 ----a-w- c:\windows\Domino.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
2009-12-16 12:12 337808 ----a-w- c:\program files\Eraser\Eraser.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileZilla Server Interface]
2010-07-18 21:27 1258496 ----a-w- c:\program files\FileZilla Server\FileZilla Server Interface.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 20:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 cpuz134;cpuz134;c:\windows\TEMP\cpuz134\cpuz134_x32.sys [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-07-15 14216]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-07-15 8456]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [x]
R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2010-09-12 251248]
R3 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-01-27 50704]
R3 rt61x86;802.11g Wireless Driver RT61;c:\windows\system32\DRIVERS\netr61.sys [x]
R3 RTL8187B;Carte réseau USB 2.0 Realtek RTL8187B sans fil 802.11b/g 54 Mbits/s;c:\windows\system32\DRIVERS\RTL8187B.sys [2009-07-13 347136]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-19 1343400]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-08-07 691696]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-11-16 108792]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 AcuWVSSchedulerv7;Acunetix WVS Scheduler v7;c:\program files\Acunetix\Web Vulnerability Scanner 7\WVSScheduler7.exe [2011-01-24 675128]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-11-16 735960]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-11-16 95896]
S2 FlexService;Remote Connections Service;c:\program files\RapidBIT\cisvc.exe [2009-05-17 41984]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-11-11 122984]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-30 187392]

NETSVCS DOIT ÊTRE RÉPARÉ - liste des éléments présents
AeLookupSvc CertPropSvc SCPolicySvc lanmanserver gpsvc IKEEXT AudioSrv FastUserSwitchingCompatibility Ias Irmon Nla Ntmssvc NWCWorkstation Nwsapagent Rasauto Rasman Remoteaccess SENS Sharedaccess SRService Tapisrv Wmi WmdmPmSp TermService wuauserv BITS ShellHWDetection LogonHours PCAudit helpsvc uploadmgr iphlpsvc seclogon AppInfo msiscsi MMCSS wercplsupport EapHost ProfSvc schedule hkmsvc SessionEnv winmgmt browser Themes BDESVC AppMgmt ? r ? k ? i ? ? ? 8 ? a ? m ? ? ? o ? 2 ? . ? ? ? / ? p ? ? ? c ? u ? ? ? > ? d ? s ? l ? n ? ? ? C ? ? = ? r ? ] ? i ? ? ? 3 ? a ? h ? ? ? o ? % ? ' ? V ? ? < ? p ? ? c ? y ? ?
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
------- Examen supplémentaire -------
.
TCP: {0A8050FA-738A-40A9-ACEC-ADF918AA7A6C} = 109.0.66.70,109.0.66.20
FF - ProfilePath - c:\users\leden\AppData\Roaming\Mozilla\Firefox\Profiles\s4ngtjwc.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: uTorrentBar_FR Community Toolbar: {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} - %profile%\extensions\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}
.
- - - - ORPHELINS SUPPRIMES - - - -

AddRemove-conduitEngine - c:\program files\ConduitEngine\ConduitEngineUninstall.exe
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0a,ea,0d,58,4b,ef,77,44,a5,6c,70,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0a,ea,0d,58,4b,ef,77,44,a5,6c,70,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'Explorer.exe'(588) c:\program files\TrueLaunchBar\tlb.dll c:\program files\TrueLaunchBar\plugins\drvspace\drvspace.dll c:\program files\TrueLaunchBar\plugins\netmon\netmon.dll c:\program files\TrueLaunchBar\plugins\volctl\volctrl.dll c:\program files\GPSoftware\Directory Opus\dopuslib.dll . ------------------------ Autres processus actifs ------------------------ . c:\windows\system32\nvvsvc.exe c:\program files\NVIDIA Corporation\Display\NvXDSync.exe c:\windows\system32\nvvsvc.exe c:\windows\system32\taskhost.exe c:\windows\system32\conhost.exe c:\windows\system32\wbem\WmiApSrv.exe c:\program files\GPSoftware\Directory Opus\dopus.exe c:\windows\system32\sppsvc.exe . ************************************************************************** . Heure de fin: 2011-02-18 19:54:06 - La machine a redémarré ComboFix-quarantined-files.txt 2011-02-18 18:54 ComboFix2.txt 2011-02-17 23:28 Avant-CF: 82 530 099 200 octets libres Après-CF: 82 325 811 200 octets libres - - End Of File - - F390C7595146EDA51A2C003EF0EBE7FE -
[Resolved] Intrusion attempt
soulatp replied to a topic by soulatp in Analyses et éradication malwares
Hello Mark, thanks for being here again. I confirm that the system was indeed modified, and I also stopped quite a few services (maybe too many, which is what allowed the intrusion). As requested, here is the TDSSKiller report:
2011/02/18 17:01:29.0983 2940 TDSS rootkit removing tool 2.4.17.0 Feb 10 2011 11:07:20 2011/02/18 17:01:30.0962 2940 ================================================================================ 2011/02/18 17:01:30.0962 2940 SystemInfo: 2011/02/18 17:01:30.0962 2940 2011/02/18 17:01:30.0962 2940 OS Version: 6.1.7600 ServicePack: 0.0 2011/02/18 17:01:30.0962 2940 Product type: Workstation 2011/02/18 17:01:30.0963 2940 ComputerName: LEDEN-PC 2011/02/18 17:01:30.0963 2940 UserName: leden 2011/02/18 17:01:30.0963 2940 Windows directory: C:\Windows 2011/02/18 17:01:30.0963 2940 System windows directory: C:\Windows 2011/02/18 17:01:30.0963 2940 Processor architecture: Intel x86 2011/02/18 17:01:30.0963 2940 Number of processors: 2 2011/02/18 17:01:30.0963 2940 Page size: 0x1000 2011/02/18 17:01:30.0963 2940 Boot type: Normal boot 2011/02/18 17:01:30.0963 2940 ================================================================================ 2011/02/18 17:01:32.0567 2940 Initialize success 2011/02/18 17:01:35.0323 1236 ================================================================================ 2011/02/18 17:01:35.0323 1236 Scan started 2011/02/18 17:01:35.0323 1236 Mode: Manual; 2011/02/18 17:01:35.0323 1236 ================================================================================ 2011/02/18 17:01:36.0005 1236 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys 2011/02/18 17:01:36.0042 1236 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys 2011/02/18 17:01:36.0075 1236 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys 2011/02/18 17:01:36.0115 1236 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys 2011/02/18 17:01:36.0137 
1236 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys 2011/02/18 17:01:36.0162 1236 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys 2011/02/18 17:01:36.0200 1236 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys 2011/02/18 17:01:36.0223 1236 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys 2011/02/18 17:01:36.0248 1236 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys 2011/02/18 17:01:36.0270 1236 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys 2011/02/18 17:01:36.0298 1236 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys 2011/02/18 17:01:36.0312 1236 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys 2011/02/18 17:01:36.0329 1236 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys 2011/02/18 17:01:36.0348 1236 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys 2011/02/18 17:01:36.0369 1236 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys 2011/02/18 17:01:36.0396 1236 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys 2011/02/18 17:01:36.0412 1236 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys 2011/02/18 17:01:36.0442 1236 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys 2011/02/18 17:01:36.0473 1236 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys 2011/02/18 17:01:36.0491 1236 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys 2011/02/18 17:01:36.0524 1236 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys 2011/02/18 17:01:36.0547 1236 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys 2011/02/18 17:01:36.0575 1236 
atksgt (f0d933b42cd0594048e4d5200ae9e417) C:\Windows\system32\DRIVERS\atksgt.sys 2011/02/18 17:01:36.0617 1236 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys 2011/02/18 17:01:36.0652 1236 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys 2011/02/18 17:01:36.0678 1236 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys 2011/02/18 17:01:36.0706 1236 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys 2011/02/18 17:01:36.0723 1236 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys 2011/02/18 17:01:36.0741 1236 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys 2011/02/18 17:01:36.0757 1236 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys 2011/02/18 17:01:36.0791 1236 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys 2011/02/18 17:01:36.0808 1236 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys 2011/02/18 17:01:36.0825 1236 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys 2011/02/18 17:01:36.0842 1236 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys 2011/02/18 17:01:36.0860 1236 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys 2011/02/18 17:01:36.0972 1236 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys 2011/02/18 17:01:36.0991 1236 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys 2011/02/18 17:01:37.0015 1236 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys 2011/02/18 17:01:37.0050 1236 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys 2011/02/18 17:01:37.0095 1236 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys 2011/02/18 
17:01:37.0121 1236 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys 2011/02/18 17:01:37.0155 1236 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys 2011/02/18 17:01:37.0173 1236 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys 2011/02/18 17:01:37.0193 1236 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys 2011/02/18 17:01:37.0275 1236 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys 2011/02/18 17:01:37.0315 1236 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys 2011/02/18 17:01:37.0352 1236 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys 2011/02/18 17:01:37.0374 1236 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys 2011/02/18 17:01:37.0394 1236 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys 2011/02/18 17:01:37.0495 1236 driverhardwarev2 (a694d8db6d360a3bbb0bd1517f1c1aee) C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys 2011/02/18 17:01:37.0538 1236 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys 2011/02/18 17:01:37.0573 1236 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys 2011/02/18 17:01:37.0620 1236 eamon (af82dc664e3d8e2cba3b95e68f6448a7) C:\Windows\system32\DRIVERS\eamon.sys 2011/02/18 17:01:37.0694 1236 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys 2011/02/18 17:01:37.0755 1236 ehdrv (686a799c1bf1b18941994daf9f45db06) C:\Windows\system32\DRIVERS\ehdrv.sys 2011/02/18 17:01:37.0805 1236 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys 2011/02/18 17:01:37.0836 1236 epfwwfpr (8700eadc8bdfa27d948fcc43ee0ae434) C:\Windows\system32\DRIVERS\epfwwfpr.sys 2011/02/18 17:01:37.0887 1236 epmntdrv (539ca34fbc74ec366a0d751028c32a08) 
C:\Windows\system32\epmntdrv.sys 2011/02/18 17:01:37.0902 1236 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys 2011/02/18 17:01:37.0950 1236 EuGdiDrv (1f2f4ab15ce03ecc257feb2f6dc5a013) C:\Windows\system32\EuGdiDrv.sys 2011/02/18 17:01:37.0975 1236 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys 2011/02/18 17:01:37.0992 1236 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys 2011/02/18 17:01:38.0015 1236 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys 2011/02/18 17:01:38.0041 1236 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys 2011/02/18 17:01:38.0061 1236 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys 2011/02/18 17:01:38.0105 1236 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys 2011/02/18 17:01:38.0126 1236 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys 2011/02/18 17:01:38.0152 1236 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys 2011/02/18 17:01:38.0171 1236 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys 2011/02/18 17:01:38.0211 1236 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys 2011/02/18 17:01:38.0336 1236 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys 2011/02/18 17:01:38.0383 1236 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys 2011/02/18 17:01:38.0424 1236 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys 2011/02/18 17:01:38.0471 1236 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys 2011/02/18 17:01:38.0500 1236 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys 2011/02/18 17:01:38.0517 1236 HidBth 
(89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys 2011/02/18 17:01:38.0554 1236 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys 2011/02/18 17:01:38.0581 1236 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys 2011/02/18 17:01:38.0614 1236 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys 2011/02/18 17:01:38.0643 1236 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys 2011/02/18 17:01:38.0662 1236 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys 2011/02/18 17:01:38.0680 1236 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys 2011/02/18 17:01:38.0707 1236 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys 2011/02/18 17:01:38.0769 1236 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys 2011/02/18 17:01:38.0810 1236 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys 2011/02/18 17:01:38.0832 1236 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys 2011/02/18 17:01:38.0861 1236 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys 2011/02/18 17:01:38.0881 1236 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys 2011/02/18 17:01:38.0908 1236 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys 2011/02/18 17:01:38.0949 1236 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys 2011/02/18 17:01:38.0999 1236 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys 2011/02/18 17:01:39.0066 1236 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys 2011/02/18 17:01:39.0124 1236 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys 2011/02/18 
17:01:39.0166 1236 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys 2011/02/18 17:01:39.0199 1236 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys 2011/02/18 17:01:39.0238 1236 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys 2011/02/18 17:01:39.0323 1236 lirsgt (f8a7212d0864ef5e9185fb95e6623f4d) C:\Windows\system32\DRIVERS\lirsgt.sys 2011/02/18 17:01:39.0372 1236 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys 2011/02/18 17:01:39.0412 1236 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys 2011/02/18 17:01:39.0428 1236 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys 2011/02/18 17:01:39.0449 1236 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys 2011/02/18 17:01:39.0466 1236 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys 2011/02/18 17:01:39.0506 1236 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys 2011/02/18 17:01:39.0531 1236 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys 2011/02/18 17:01:39.0561 1236 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys 2011/02/18 17:01:39.0583 1236 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys 2011/02/18 17:01:39.0621 1236 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys 2011/02/18 17:01:39.0641 1236 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys 2011/02/18 17:01:39.0672 1236 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys 2011/02/18 17:01:39.0690 1236 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys 2011/02/18 17:01:39.0721 1236 mpio (2af5997438c55fb79d33d015c30e1974) 
C:\Windows\system32\DRIVERS\mpio.sys 2011/02/18 17:01:39.0738 1236 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys 2011/02/18 17:01:39.0767 1236 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys 2011/02/18 17:01:39.0787 1236 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys 2011/02/18 17:01:39.0806 1236 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys 2011/02/18 17:01:39.0828 1236 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys 2011/02/18 17:01:39.0844 1236 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys 2011/02/18 17:01:39.0863 1236 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys 2011/02/18 17:01:39.0900 1236 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys 2011/02/18 17:01:39.0916 1236 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys 2011/02/18 17:01:39.0972 1236 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys 2011/02/18 17:01:40.0008 1236 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys 2011/02/18 17:01:40.0028 1236 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys 2011/02/18 17:01:40.0045 1236 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys 2011/02/18 17:01:40.0066 1236 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys 2011/02/18 17:01:40.0088 1236 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys 2011/02/18 17:01:40.0112 1236 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys 2011/02/18 17:01:40.0129 1236 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys 2011/02/18 17:01:40.0148 1236 Mup 
(159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys 2011/02/18 17:01:40.0180 1236 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys 2011/02/18 17:01:40.0209 1236 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys 2011/02/18 17:01:40.0236 1236 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys 2011/02/18 17:01:40.0255 1236 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys 2011/02/18 17:01:40.0275 1236 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys 2011/02/18 17:01:40.0296 1236 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys 2011/02/18 17:01:40.0313 1236 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys 2011/02/18 17:01:40.0334 1236 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys 2011/02/18 17:01:40.0353 1236 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys 2011/02/18 17:01:40.0419 1236 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys 2011/02/18 17:01:40.0469 1236 npf (b9730495e0cf674680121e34bd95a73b) C:\Windows\system32\drivers\npf.sys 2011/02/18 17:01:40.0484 1236 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys 2011/02/18 17:01:40.0505 1236 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys 2011/02/18 17:01:40.0557 1236 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys 2011/02/18 17:01:40.0584 1236 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys 2011/02/18 17:01:40.0625 1236 NVHDA (92cfe8964b3a6da0692331fa66630db3) C:\Windows\system32\drivers\nvhda32v.sys 2011/02/18 17:01:40.0820 1236 nvlddmkm (73a70f1d89c942eedd99a3f10459b051) C:\Windows\system32\DRIVERS\nvlddmkm.sys 2011/02/18 17:01:40.0933 1236 nvraid 
(3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys 2011/02/18 17:01:40.0951 1236 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys 2011/02/18 17:01:40.0975 1236 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys 2011/02/18 17:01:40.0992 1236 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys 2011/02/18 17:01:41.0021 1236 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys 2011/02/18 17:01:41.0037 1236 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys 2011/02/18 17:01:41.0074 1236 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys 2011/02/18 17:01:41.0103 1236 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys 2011/02/18 17:01:41.0119 1236 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys 2011/02/18 17:01:41.0138 1236 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys 2011/02/18 17:01:41.0158 1236 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys 2011/02/18 17:01:41.0196 1236 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys 2011/02/18 17:01:41.0299 1236 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys 2011/02/18 17:01:41.0318 1236 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys 2011/02/18 17:01:41.0354 1236 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys 2011/02/18 17:01:41.0393 1236 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys 2011/02/18 17:01:41.0447 1236 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys 2011/02/18 17:01:41.0468 1236 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys 2011/02/18 17:01:41.0487 
1236 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys 2011/02/18 17:01:41.0521 1236 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys 2011/02/18 17:01:41.0541 1236 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys 2011/02/18 17:01:41.0563 1236 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys 2011/02/18 17:01:41.0585 1236 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys 2011/02/18 17:01:41.0604 1236 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys 2011/02/18 17:01:41.0624 1236 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys 2011/02/18 17:01:41.0641 1236 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys 2011/02/18 17:01:41.0666 1236 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys 2011/02/18 17:01:41.0690 1236 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys 2011/02/18 17:01:41.0714 1236 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys 2011/02/18 17:01:41.0744 1236 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys 2011/02/18 17:01:41.0772 1236 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys 2011/02/18 17:01:41.0813 1236 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys 2011/02/18 17:01:41.0859 1236 RTL8167 (6465166dd9b2f841dabad16abdadbe98) C:\Windows\system32\DRIVERS\Rt86win7.sys 2011/02/18 17:01:41.0907 1236 RTL8187B (ca5a4fbfe341f13733955b8aac98f0b5) C:\Windows\system32\DRIVERS\RTL8187B.sys 2011/02/18 17:01:41.0937 1236 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys 2011/02/18 17:01:42.0019 1236 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program 
Files\SUPERAntiSpyware\SASDIFSV.SYS 2011/02/18 17:01:42.0049 1236 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 2011/02/18 17:01:42.0078 1236 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys 2011/02/18 17:01:42.0099 1236 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys 2011/02/18 17:01:42.0131 1236 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 2011/02/18 17:01:42.0164 1236 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys 2011/02/18 17:01:42.0182 1236 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys 2011/02/18 17:01:42.0200 1236 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys 2011/02/18 17:01:42.0254 1236 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys 2011/02/18 17:01:42.0277 1236 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys 2011/02/18 17:01:42.0294 1236 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\drivers\sffp_sd.sys 2011/02/18 17:01:42.0320 1236 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys 2011/02/18 17:01:42.0350 1236 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys 2011/02/18 17:01:42.0376 1236 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys 2011/02/18 17:01:42.0400 1236 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys 2011/02/18 17:01:42.0428 1236 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys 2011/02/18 17:01:42.0466 1236 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys 2011/02/18 17:01:42.0538 1236 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys 2011/02/18 17:01:42.0538 1236 Suspicious file 
(NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505 2011/02/18 17:01:42.0544 1236 sptd - detected Locked file (1) 2011/02/18 17:01:42.0574 1236 srv (2dbedfb1853f06110ec2aa7f3213c89f) C:\Windows\system32\DRIVERS\srv.sys 2011/02/18 17:01:42.0600 1236 srv2 (db37131d1027c50ea7ee21c8bb4536aa) C:\Windows\system32\DRIVERS\srv2.sys 2011/02/18 17:01:42.0627 1236 srvnet (f5980b74124db9233b33f86fc5ebbb4f) C:\Windows\system32\DRIVERS\srvnet.sys 2011/02/18 17:01:42.0672 1236 StarOpen (f92254b0bcfcd10caac7bccc7cb7f467) C:\Windows\system32\drivers\StarOpen.sys 2011/02/18 17:01:42.0707 1236 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys 2011/02/18 17:01:42.0729 1236 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys 2011/02/18 17:01:42.0753 1236 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys 2011/02/18 17:01:42.0785 1236 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys 2011/02/18 17:01:42.0837 1236 tap0901 (59a356f6c60b99260c8e644fe990de50) C:\Windows\system32\DRIVERS\tap0901.sys 2011/02/18 17:01:42.0894 1236 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys 2011/02/18 17:01:42.0939 1236 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys 2011/02/18 17:01:42.0966 1236 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys 2011/02/18 17:01:42.0985 1236 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys 2011/02/18 17:01:43.0005 1236 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys 2011/02/18 17:01:43.0023 1236 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys 2011/02/18 17:01:43.0043 1236 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys 2011/02/18 17:01:43.0087 1236 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) 
C:\Windows\system32\DRIVERS\tssecsrv.sys 2011/02/18 17:01:43.0123 1236 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys 2011/02/18 17:01:43.0143 1236 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys 2011/02/18 17:01:43.0165 1236 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys 2011/02/18 17:01:43.0199 1236 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys 2011/02/18 17:01:43.0219 1236 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys 2011/02/18 17:01:43.0236 1236 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys 2011/02/18 17:01:43.0282 1236 usbaudio (2436a42aab4ad48a9b714e5b0f344627) C:\Windows\system32\drivers\usbaudio.sys 2011/02/18 17:01:43.0306 1236 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys 2011/02/18 17:01:43.0328 1236 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys 2011/02/18 17:01:43.0354 1236 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys 2011/02/18 17:01:43.0395 1236 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys 2011/02/18 17:01:43.0413 1236 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys 2011/02/18 17:01:43.0449 1236 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys 2011/02/18 17:01:43.0486 1236 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys 2011/02/18 17:01:43.0502 1236 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS 2011/02/18 17:01:43.0518 1236 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys 2011/02/18 17:01:43.0559 1236 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys 2011/02/18 17:01:43.0581 1236 vga 
(17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/02/18 17:01:43.0601 1236 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/02/18 17:01:43.0627 1236 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/02/18 17:01:43.0656 1236 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2011/02/18 17:01:43.0674 1236 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/02/18 17:01:43.0693 1236 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2011/02/18 17:01:43.0717 1236 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
2011/02/18 17:01:43.0738 1236 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
2011/02/18 17:01:43.0755 1236 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/02/18 17:01:43.0779 1236 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/02/18 17:01:43.0801 1236 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2011/02/18 17:01:43.0826 1236 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/02/18 17:01:43.0847 1236 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
2011/02/18 17:01:43.0876 1236 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/02/18 17:01:43.0894 1236 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/02/18 17:01:43.0913 1236 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/02/18 17:01:43.0952 1236 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/02/18 17:01:43.0981 1236 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/02/18 17:01:44.0027 1236 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/02/18 17:01:44.0049 1236 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/02/18 17:01:44.0136 1236 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/02/18 17:01:44.0156 1236 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/02/18 17:01:44.0199 1236 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/02/18 17:01:44.0263 1236 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2011/02/18 17:01:44.0284 1236 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/02/18 17:01:44.0356 1236 ZSMC301b (a1a3f0e6a4584f601e8acc92f526f5be) C:\Windows\system32\Drivers\usbVM31b.sys
2011/02/18 17:01:44.0405 1236 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/02/18 17:01:44.0484 1236 ================================================================================
2011/02/18 17:01:44.0484 1236 Scan finished
2011/02/18 17:01:44.0484 1236 ================================================================================
2011/02/18 17:01:44.0499 0236 Detected object count: 2
2011/02/18 17:02:27.0248 0236 Locked file(sptd) - User select action: Skip
2011/02/18 17:02:27.0279 0236 \HardDisk0 - will be cured after reboot
2011/02/18 17:02:27.0280 0236 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/02/18 17:02:30.0899 0220 Deinitialize success
-
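The TDSSKiller result above reports Rootkit.Win32.TDSS.tdl4 on \HardDisk0. TDL4 is a bootkit: it replaces the boot code in the MBR and keeps its own encrypted file system in unpartitioned sectors at the end of the disk, which is why the cure is applied to the disk rather than to a file. The script below is an added example, not part of the original post and not TDSSKiller code. It parses a 512-byte MBR image, checks the 0x55AA boot signature, decodes the four partition entries, hashes the boot code against a recorded baseline and measures how many sectors lie beyond the last partition. The two MBR images, the disk size and the baseline hash are constructed inside the script so that it runs offline; on a live Windows machine you would read sector 0 of \\.\PhysicalDrive0 as Administrator.

```python
"""Offline MBR sanity check (added example, not TDSSKiller code).

Parses a 512-byte MBR image, verifies the 0x55AA signature, decodes the four
partition entries, hashes the boot code and measures unallocated space after the
last partition.  All inputs are constructed below so the script runs offline.
"""
import hashlib
import struct

SECTOR = 512
ENTRY_FMT = "<B3sB3sII"   # status, CHS start, type, CHS end, LBA start, LBA count
BOOT_CODE_LEN = 440       # bytes before the 4-byte disk signature at offset 440


def build_test_mbr(boot_code: bytes, partitions) -> bytes:
    """Construct a synthetic MBR for testing.

    partitions: iterable of (bootable, type, lba_start, lba_count); CHS fields
    are filled with the usual 0xFE 0xFF 0xFF placeholder used by LBA-only tools.
    """
    code = boot_code.ljust(446, b"\x00")[:446]
    table = b""
    for i in range(4):
        if i < len(partitions):
            bootable, ptype, start, count = partitions[i]
            table += struct.pack(ENTRY_FMT, 0x80 if bootable else 0x00,
                                 b"\xfe\xff\xff", ptype, b"\xfe\xff\xff", start, count)
        else:
            table += b"\x00" * 16
    return code + table + b"\x55\xaa"


def parse_mbr(mbr: bytes) -> dict:
    """Decode an MBR into its boot-code hash and the non-empty partition entries."""
    if len(mbr) != SECTOR:
        raise ValueError("an MBR is exactly 512 bytes")
    if mbr[510:512] != b"\x55\xaa":
        raise ValueError("boot signature 0x55AA missing")
    partitions = []
    for i in range(4):
        off = 446 + 16 * i
        status, _, ptype, _, start, count = struct.unpack(ENTRY_FMT, mbr[off:off + 16])
        if ptype == 0x00:          # empty slot
            continue
        partitions.append({"index": i, "bootable": status == 0x80,
                           "type": ptype, "start": start, "count": count})
    return {"boot_code_sha256": hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest(),
            "partitions": partitions}


def trailing_unallocated_sectors(parsed: dict, disk_sectors: int) -> int:
    """Sectors after the end of the last partition: where TDL4 hides its file system."""
    end = max((p["start"] + p["count"] for p in parsed["partitions"]), default=0)
    return max(disk_sectors - end, 0)


def assess(mbr: bytes, disk_sectors: int, baseline_sha256: str,
           slack_threshold: int = 2048) -> list:
    """Return human-readable findings; an empty list means nothing stood out."""
    parsed = parse_mbr(mbr)
    findings = []
    if parsed["boot_code_sha256"] != baseline_sha256:
        findings.append("boot code differs from the recorded baseline")
    slack = trailing_unallocated_sectors(parsed, disk_sectors)
    if slack > slack_threshold:
        findings.append(f"{slack} unallocated sectors after the last partition")
    if sum(p["bootable"] for p in parsed["partitions"]) != 1:
        findings.append("expected exactly one bootable partition")
    return findings


# Constructed scenario (assumption, not data from the page): a clean disk whose boot
# code we record, then a disk whose boot code changed and whose last partition stops
# 20000 sectors short of the end of the disk.
DISK_SECTORS = 100_000
CLEAN_MBR = build_test_mbr(b"\xfa\x33\xc0\x8e\xd0", [(True, 0x07, 2048, DISK_SECTORS - 2048)])
BASELINE = parse_mbr(CLEAN_MBR)["boot_code_sha256"]
SUSPECT_MBR = build_test_mbr(b"\xeb\xfe", [(True, 0x07, 2048, DISK_SECTORS - 2048 - 20_000)])

if __name__ == "__main__":
    for label, image in (("clean", CLEAN_MBR), ("suspect", SUSPECT_MBR)):
        print(label, assess(image, DISK_SECTORS, BASELINE) or ["no findings"])
```

Both checks are leads, not verdicts: a boot-code hash changes legitimately after a Windows startup repair or after installing another boot manager, and a few megabytes of trailing slack is normal partition alignment, so the threshold is something to tune per disk. The value of recording the baseline hash is that it gives you a stable reference the next time a scanner says the MBR "will be cured after reboot".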
[Solved] Intrusion attempt
soulatp replied to a topic by soulatp in Malware analysis and removal
I'm not imposing anything, take your time, even if it's tomorrow. In any case it's been infected since Christmas, it can wait a bit longer ^^ Thanks for your help and your patience. See you later -
[Solved] Intrusion attempt
soulatp replied to a topic by soulatp in Malware analysis and removal
Here is the report

ComboFix 11-01-18.04 - leden 19/01/2011 23:40:20.1.2 - x86
Microsoft Windows 7 Professionnel 6.1.7600.0.1252.33.1036.18.2814.466 [GMT 1:00]
Run from: c:\users\leden\AppData\Local\Opera\Opera\temporary_downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* A new restore point was created
* A resident antivirus is active
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\leden\AppData\Local\Temp\WLZ275D.tmp\auth.lng
c:\users\leden\AppData\Local\Temp\WLZ275D.tmp\burnlib.lng
c:\users\leden\AppData\Local\Temp\WLZ275D.tmp\dsp_sps.lng
c:\users\leden\AppData\Local\Temp\WLZ275D.tmp\enc_aacplus.lng
c:\users\leden\AppData\Local\Temp\WLZ275D.tmp\enc_flac.lng
c:\users\leden\AppData\Local\Temp\WLZ275D.tmp\enc_flake.lng
c:\users\leden\AppData\Local\Temp\WLZ275D.tmp\enc_lame.lng
c:\users\leden\AppData\Local\Temp\WLZ275D.tmp\enc_vorbis.lng
c:\users\leden\AppData\Local\Temp\WLZ275D.tmp\enc_wav.lng
c:\users\leden\AppData\Local\Temp\WLZ275D.tmp\enc_wma.lng
c:\users\leden\AppData\Local\Temp\WLZ275D.tmp\gen_classicart.lng
c:\users\leden\AppData\Local\Temp\WLZ275D.tmp\gen_crasher.lng
c:\users\leden\AppData\Local\Temp\WLZ275D.tmp\gen_dropbox.lng
c:\users\leden\AppData\Local\Temp\WLZ275D.tmp\gen_ff.lng
c:\users\leden\AppData\Local\Temp\WLZ275D.tmp\gen_find_on_disk.lng
c:\users\leden\AppData\Local\Temp\WLZ275D.tmp\gen_hotkeys.lng
c:\users\leden\AppData\Local\Temp\WLZ275D.tmp\gen_jumpex.lng
c:\users\leden\AppData\Local\Temp\WLZ275D.tmp\gen_ml.lng
c:\users\leden\AppData\Local\Temp\WLZ275D.tmp\gen_nopro.lng
c:\users\leden\AppData\Local\Temp\WLZ275D.tmp\gen_orgler.lng
c:\users\leden\AppData\Local\Temp\WLZ275D.tmp\gen_skinmanager.lng
c:\users\leden\AppData\Local\Temp\WLZ275D.tmp\gen_timerestore.lng
c:\users\leden\AppData\Local\Temp\WLZ275D.tmp\gen_tray.lng
c:\users\leden\AppData\Local\Temp\WLZ275D.tmp\gen_undo.lng
c:\users\leden\AppData\Local\Temp\WLZ275D.tmp\in_avi.lng
c:\users\leden\AppData\Local\Temp\WLZ275D.tmp\in_cdda.lng
c:\users\leden\AppData\Local\Temp\WLZ275D.tmp\in_dshow.lng
c:\users\leden\AppData\Local\Temp\WLZ275D.tmp\in_flac.lng
c:\users\leden\AppData\Local\Temp\WLZ275D.tmp\in_flv.lng
c:\users\leden\AppData\Local\Temp\WLZ275D.tmp\in_linein.lng
c:\users\leden\AppData\Local\Temp\WLZ275D.tmp\in_midi.lng
c:\users\leden\AppData\Local\Temp\WLZ275D.tmp\in_mkv.lng
c:\users\leden\AppData\Local\Temp\WLZ275D.tmp\in_mod.lng
c:\users\leden\AppData\Local\Temp\WLZ275D.tmp\in_mp3.lng
c:\users\leden\AppData\Local\Temp\WLZ275D.tmp\in_mp4.lng
c:\users\leden\AppData\Local\Temp\WLZ275D.tmp\in_nsv.lng
c:\users\leden\AppData\Local\Temp\WLZ275D.tmp\in_swf.lng
c:\users\leden\AppData\Local\Temp\WLZ275D.tmp\in_vorbis.lng
c:\users\leden\AppData\Local\Temp\WLZ275D.tmp\in_wav.lng
c:\users\leden\AppData\Local\Temp\WLZ275D.tmp\in_wave.lng
c:\users\leden\AppData\Local\Temp\WLZ275D.tmp\in_wm.lng
c:\users\leden\AppData\Local\Temp\WLZ275D.tmp\ml_addons.lng
c:\users\leden\AppData\Local\Temp\WLZ275D.tmp\ml_autotag.lng
c:\users\leden\AppData\Local\Temp\WLZ275D.tmp\ml_bookmarks.lng
c:\users\leden\AppData\Local\Temp\WLZ275D.tmp\ml_dash.lng
c:\users\leden\AppData\Local\Temp\WLZ275D.tmp\ml_devices.lng
c:\users\leden\AppData\Local\Temp\WLZ275D.tmp\ml_disc.lng
c:\users\leden\AppData\Local\Temp\WLZ275D.tmp\ml_downloads.lng
c:\users\leden\AppData\Local\Temp\WLZ275D.tmp\ml_enqplay.lng
c:\users\leden\AppData\Local\Temp\WLZ275D.tmp\ml_history.lng
c:\users\leden\AppData\Local\Temp\WLZ275D.tmp\ml_impex.lng
c:\users\leden\AppData\Local\Temp\WLZ275D.tmp\ml_local.lng
c:\users\leden\AppData\Local\Temp\WLZ275D.tmp\ml_nowplaying.lng
c:\users\leden\AppData\Local\Temp\WLZ275D.tmp\ml_online.lng
c:\users\leden\AppData\Local\Temp\WLZ275D.tmp\ml_orb.lng
c:\users\leden\AppData\Local\Temp\WLZ275D.tmp\ml_playlists.lng
c:\users\leden\AppData\Local\Temp\WLZ275D.tmp\ml_plg.lng
c:\users\leden\AppData\Local\Temp\WLZ275D.tmp\ml_pmp.lng
c:\users\leden\AppData\Local\Temp\WLZ275D.tmp\ml_rg.lng
c:\users\leden\AppData\Local\Temp\WLZ275D.tmp\ml_transcode.lng
c:\users\leden\AppData\Local\Temp\WLZ275D.tmp\ml_wire.lng
c:\users\leden\AppData\Local\Temp\WLZ275D.tmp\ombrowser.lng
c:\users\leden\AppData\Local\Temp\WLZ275D.tmp\out_disk.lng
c:\users\leden\AppData\Local\Temp\WLZ275D.tmp\out_ds.lng
c:\users\leden\AppData\Local\Temp\WLZ275D.tmp\out_wave.lng
c:\users\leden\AppData\Local\Temp\WLZ275D.tmp\playlist.lng
c:\users\leden\AppData\Local\Temp\WLZ275D.tmp\pmp_activesync.lng
c:\users\leden\AppData\Local\Temp\WLZ275D.tmp\pmp_android.lng
c:\users\leden\AppData\Local\Temp\WLZ275D.tmp\pmp_ipod.lng
c:\users\leden\AppData\Local\Temp\WLZ275D.tmp\pmp_njb.lng
c:\users\leden\AppData\Local\Temp\WLZ275D.tmp\pmp_p4s.lng
c:\users\leden\AppData\Local\Temp\WLZ275D.tmp\pmp_usb.lng
c:\users\leden\AppData\Local\Temp\WLZ275D.tmp\pmp_wifi.lng
c:\users\leden\AppData\Local\Temp\WLZ275D.tmp\tagz.lng
c:\users\leden\AppData\Local\Temp\WLZ275D.tmp\vis_milk2.lng
c:\users\leden\AppData\Local\Temp\WLZ275D.tmp\vis_nsfs.lng
c:\users\leden\AppData\Local\Temp\WLZ275D.tmp\winamp.lng
c:\users\leden\AppData\Local\Temp\WLZ275D.tmp\winampa.lng
.
((((((((((((((((((((((((((((( Files created from 2010-12-19 to 2011-01-19 ))))))))))))))))))))))))))))))))))))
.
2011-01-19 22:44 . 2011-01-19 22:45 -------- d-----w- c:\users\leden\AppData\Local\temp
2011-01-19 22:44 . 2011-01-19 22:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-19 22:32 . 2011-01-19 22:32 388096 ----a-r- c:\users\leden\AppData\Roaming\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2011-01-19 22:32 . 2011-01-19 22:32 -------- d-----w- c:\program files\TrendMicro
2011-01-19 11:38 . 2011-01-19 11:38 98304 --sha-r- c:\windows\system32\WUDFHosti.dll
2011-01-19 11:38 . 2011-01-19 11:38 98304 --sha-r- c:\windows\system32\FXSAPIP.dll
2011-01-17 22:36 . 2011-01-17 23:02 -------- d-----w- c:\users\leden\.zenmap
2011-01-17 22:36 . 2011-01-17 22:36 -------- d-----w- c:\program files\WinPcap
2011-01-17 22:35 . 2011-01-17 22:36 -------- d-----w- c:\program files\Nmap
2011-01-17 21:43 . 2011-01-17 21:43 -------- d-----w- c:\users\leden\AppData\Roaming\teamspeak2
2011-01-17 21:43 . 2011-01-17 21:43 34064 ----a-w- c:\windows\system32\lhacm.acm
2011-01-17 21:43 . 2011-01-17 21:43 -------- d-----w- c:\program files\Teamspeak2_RC2
2011-01-15 18:35 . 2011-01-16 02:51 -------- d-----w- c:\program files\WowCartographe
2011-01-08 17:12 . 2011-01-08 17:12 -------- d-----w- c:\users\leden\AppData\Roaming\Rovio
2011-01-03 18:50 . 2011-01-03 21:50 -------- d-----w- c:\program files\webcamXP
2011-01-03 18:27 . 2007-04-04 19:27 1471104 ----a-w- c:\windows\system32\drivers\usbVM31b.sys
2011-01-03 18:27 . 2007-03-28 09:48 225357 ----a-w- c:\windows\system32\VM31bPrp.Ax
2011-01-03 18:27 . 2007-03-27 16:24 49152 ----a-w- c:\windows\VM301Snap.exe
2011-01-03 18:27 . 2006-07-04 13:16 49152 ----a-w- c:\windows\Domino.exe
2011-01-03 18:27 . 2004-12-10 13:30 61440 ----a-w- c:\windows\system32\VM31bSTI.dll
2011-01-03 18:27 . 2004-12-10 09:07 94208 ----a-w- c:\windows\VMCap.exe
2011-01-03 18:27 . 2002-10-16 08:29 49152 ----a-w- c:\windows\amcap.exe
2010-12-26 14:52 . 2010-11-14 08:06 50176 ----a-w- C:\cports.exe
2010-12-26 14:49 . 2010-12-26 14:49 -------- d-----w- c:\program files\Filesland
2010-12-25 21:22 . 2010-12-25 21:22 -------- d-----w- c:\users\leden\AppData\Roaming\Malwarebytes
2010-12-25 21:22 . 2010-12-25 21:22 -------- d-----w- c:\programdata\Malwarebytes
2010-12-25 21:22 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-25 21:22 . 2010-12-28 10:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-25 21:22 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-25 10:14 . 2011-01-16 12:07 -------- d-----w- c:\users\leden\AppData\Roaming\94B6A705FFFE108827692408EB1A9299
2010-12-25 00:43 . 2010-12-25 00:43 0 ----a-w- c:\windows\system32\alk553F.tmp
2010-12-22 17:52 . 2011-01-08 16:39 -------- d-----w- c:\users\leden\AppData\Local\Mirillis
2010-12-22 17:52 . 2010-12-22 17:52 -------- d-----w- c:\users\leden\AppData\Roaming\Mirillis
2010-12-22 17:52 . 2010-12-22 17:52 -------- d-----w- c:\programdata\Mirillis
2010-12-22 17:50 . 2010-12-22 17:50 -------- d-----w- c:\program files\Mirillis
.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-01 21:36 . 2010-12-01 21:36 35322368 ----a-w- c:\windows\system32\Snow Village 3D Screensaver.exe
2010-12-01 21:36 . 2010-12-01 21:36 921600 ----a-w- c:\windows\system32\Snow_Village_3D_Screensaver.scr
2010-10-28 11:23 . 2010-09-13 12:47 2217088 ----a-w- c:\windows\system32\BootMan.exe
2010-10-22 06:23 . 2010-12-10 18:35 888424 ----a-w- c:\windows\system32\nvdispco322050.dll
2010-10-22 06:23 . 2010-12-10 18:35 813672 ----a-w- c:\windows\system32\nvgenco322030.dll
2010-10-22 06:23 . 2010-12-10 18:35 57960 ----a-w- c:\windows\system32\OpenCL.dll
2010-10-22 06:23 . 2010-12-10 18:35 5473896 ----a-w- c:\windows\system32\nvwgf2um.dll
2010-10-22 06:23 . 2010-12-10 18:35 319080 ----a-w- c:\windows\system32\nvdecodemft.dll
2010-10-22 06:23 . 2010-12-10 18:35 14899816 ----a-w- c:\windows\system32\nvoglv32.dll
2010-10-22 06:23 . 2010-12-10 18:35 10084360 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2010-10-22 06:23 . 2010-12-10 18:35 10023528 ----a-w- c:\windows\system32\nvd3dum.dll
2010-10-22 06:23 . 2010-12-10 18:35 4837480 ----a-w- c:\windows\system32\nvcuda.dll
2010-10-22 06:23 . 2010-12-10 18:35 2912360 ----a-w- c:\windows\system32\nvcuvid.dll
2010-10-22 06:23 . 2010-12-10 18:35 2666600 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-10-22 06:23 . 2010-12-10 18:35 1719912 ----a-w- c:\windows\system32\nvapi.dll
2010-10-22 06:23 . 2010-12-10 18:35 13019752 ----a-w- c:\windows\system32\nvcompiler.dll
2010-10-22 06:23 . 2010-12-10 18:35 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
.
------- Sigcheck -------
[-] 2010-03-16 . 076563AA6ABEF78A850D7C7465BD5365 . 2614272 . . [6.1.7600.16385] . . c:\windows\explorer.exe
[7] 2010-03-16 . 2626FC9755BE22F805D3CFA0CE3EE727 . 2614272 . . [6.1.7600.16450] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[7] 2010-03-16 . C76153C7ECA00FA852BB0C193378F917 . 2614272 . . [6.1.7600.20563] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
[7] 2010-03-16 . B95EEB0F4E5EFBF1038A35B3351CF047 . 2613248 . . [6.1.7600.16404] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[7] 2010-03-16 . 9FF6C4C91A3711C0A3B18F87B08B518D . 2613248 . . [6.1.7600.20500] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[7] 2009-07-14 . 15BC38A7492BEFE831966ADB477CF76F . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
.
((((((((((((((((((((((((((((((((( Reg loading points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}"= "c:\program files\uTorrentBar_FR\tbuTo1.dll" [2011-01-19 3911776]

[HKEY_CLASSES_ROOT\clsid\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}]
2011-01-19 11:42 3911776 ----a-w- c:\program files\uTorrentBar_FR\tbuTo1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-19 11:42 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngin0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}"= "c:\program files\uTorrentBar_FR\tbuTo1.dll" [2011-01-19 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngin0.dll" [2011-01-19 3911776]

[HKEY_CLASSES_ROOT\clsid\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}]

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E}"= "c:\program files\uTorrentBar_FR\tbuTo1.dll" [2011-01-19 3911776]

[HKEY_CLASSES_ROOT\clsid\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-11-16 2054360]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"BigDogPath"="c:\windows\VM301Snap.exe" [2007-03-27 49152]
"Domino"="c:\windows\Domino.exe" [2006-07-04 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"IMJEUIP"="c:\windows\system32\FXSAPIP.dll" [2011-01-19 98304]
"Glgqlpiklo"="c:\windows\system32\WUDFHosti.dll" [2011-01-19 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE}"= "c:\program files\GPSoftware\Directory Opus\dopuslib.dll" [2010-01-08 836056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileZilla Server Interface]
2010-07-18 21:27 1258496 ----a-w- c:\program files\FileZilla Server\FileZilla Server Interface.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 20:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

R2 AMService;AMService;c:\windows\TEMP\nxiq\setup.exe run [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 cpuz134;cpuz134;c:\windows\TEMP\cpuz134\cpuz134_x32.sys [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-07-15 14216]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-07-15 8456]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [x]
R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2010-09-12 251248]
R3 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-01-27 50704]
R3 rt61x86;802.11g Wireless Driver RT61;c:\windows\system32\DRIVERS\netr61.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-08-07 691696]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-11-16 108792]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-11-16 735960]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-11-16 95896]
S2 FlexService;Remote Connections Service;c:\program files\RapidBIT\cisvc.exe [2009-05-17 41984]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-09-07 123496]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-30 187392]

NETSVCS MUST BE REPAIRED - list of present entries
AeLookupSvc CertPropSvc SCPolicySvc lanmanserver gpsvc IKEEXT AudioSrv FastUserSwitchingCompatibility Ias Irmon Nla Ntmssvc NWCWorkstation Nwsapagent Rasauto Rasman Remoteaccess SENS Sharedaccess SRService Tapisrv Wmi WmdmPmSp TermService wuauserv BITS ShellHWDetection LogonHours PCAudit helpsvc uploadmgr iphlpsvc seclogon AppInfo msiscsi MMCSS wercplsupport EapHost ProfSvc schedule hkmsvc SessionEnv winmgmt browser Themes BDESVC AppMgmt
? r ? k ? i ? ? ? 8 ? a ? m ? ? ? o ? 2 ? . ? ? ? / ? p ? ? ? c ? u ? ? ? > ? d ? s ? l ? n ? ? ? C ? ? = vkjtjduq ? r ? ] ? i ? ? ? 3 ? a ? h ? ? ? o ? % ? ' ? V ? ? < ? p ? ? c ? y ? ?
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
------- Supplementary scan -------
.
TCP: {0A8050FA-738A-40A9-ACEC-ADF918AA7A6C} = 109.0.66.70,109.0.66.20
FF - ProfilePath - c:\users\leden\AppData\Roaming\Mozilla\Firefox\Profiles\s4ngtjwc.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
.
- - - - ORPHANS REMOVED - - - -
BHO-{E68B0BD0-0BD0-E68B-D00B-8BE6D00B8BE6} - c:\windows\system32\alk553f.dll
MSConfigStartUp-AnumanLive - \Anuman Interactive\AnumanLive\AnumanLive.exe
MSConfigStartUp-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil10h_Plugin.exe
MSConfigStartUp-RtHDVCpl - c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0a,ea,0d,58,4b,ef,77,44,a5,6c,70,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0a,ea,0d,58,4b,ef,77,44,a5,6c,70,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs loaded into running processes ---------------------
- - - - - - - > 'Explorer.exe'(3312)
c:\program files\GPSoftware\Directory Opus\dopuslib.dll
.
------------------------ Other running processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\NvXDSync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\wbem\WmiApSrv.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
End time: 2011-01-19 23:47:47 - The machine rebooted
ComboFix-quarantined-files.txt 2011-01-19 22:47
Before-CF: 86 943 191 040 bytes free
After-CF: 86 799 503 360 bytes free
- - End Of File - - 9C41FEB680516FD5CD753244744AC0B3
-
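The report above hands the analyst several indicators at once: two DLLs created on 2011-01-19 with the hidden and system attributes set (--sha-r-) and auto-started from policies\explorer\Run, UAC switched off (EnableLUA=0 and ConsentPromptBehaviorAdmin=0 under policies\system), and services such as AMService whose image sits under c:\windows\TEMP and is marked [x]. The script below is an added example, not ComboFix code and not part of the original post: it encodes those observations as rules over ComboFix-style "Reg loading points" lines. The sample report inside it is constructed in the same format, and the [x] marker is read as ComboFix's flag for an image file that is absent on disk (an assumption about the tool's output format, stated in the code).

```python
"""Rule-based triage of ComboFix "Reg loading points" lines (added example,
not ComboFix code).  SAMPLE_REPORT is constructed in the tool's format."""
import re

# Constructed sample, modelled on the format of the report above.
SAMPLE_REPORT = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-11-16 2054360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"IMJEUIP"="c:\windows\system32\FXSAPIP.dll" [2011-01-19 98304]
"Glgqlpiklo"="c:\windows\system32\WUDFHosti.dll" [2011-01-19 98304]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
R2 AMService;AMService;c:\windows\TEMP\nxiq\setup.exe run [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-11-16 735960]
R3 cpuz134;cpuz134;c:\windows\TEMP\cpuz134\cpuz134_x32.sys [x]
"""

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?:"(?P<path>[^"]*)"|(?P<num>\d+))')
# Service/driver lines: "<state> <name>;<display name>;<image path> [<date size> | x]"
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.+?)(?:\s+\[(?P<tail>[^\]]*)\])?$")
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)     # any ...\TEMP\... component
UAC_VALUES = {"EnableLUA", "ConsentPromptBehaviorAdmin"}
MISSING_MARKER = "x"   # assumption: ComboFix prints [x] when the image file is absent


def triage(report: str) -> list:
    """Return (severity, line, reason) tuples for lines matching a rule."""
    findings = []
    current_key = ""
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key").lower()
            continue
        m = VALUE_RE.match(line)
        if m:
            name, path, num = m.group("name"), m.group("path"), m.group("num")
            if "policies\\explorer\\run" in current_key:
                findings.append(("high", line, "autostart via policies\\explorer\\Run"))
            if path and path.lower().endswith(".dll") and current_key.endswith("\\run"):
                findings.append(("high", line, "Run value points at a DLL"))
            if name in UAC_VALUES and num == "0" and current_key.endswith("policies\\system"):
                findings.append(("medium", line, f"{name}=0 weakens UAC"))
            continue
        m = SERVICE_RE.match(line)
        if m:
            image, tail = m.group("image"), m.group("tail")
            if TEMP_RE.search(image):
                findings.append(("high", line, "service image under a TEMP directory"))
            if tail == MISSING_MARKER:
                findings.append(("low", line, "image file missing on disk"))
    return findings


def summarize(findings: list) -> dict:
    """Count findings per severity, so a report can be compared run to run."""
    counts = {"high": 0, "medium": 0, "low": 0}
    for severity, _, _ in findings:
        counts[severity] += 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_REPORT)
    for severity, line, reason in results:
        print(f"[{severity:6}] {reason}: {line}")
    print(summarize(results))
```

The rules deliberately stay close to what the report shows rather than trying to be a general malware classifier: the policies\explorer\Run key is a policy hook that ordinary installers do not use, a Run value that names a DLL instead of an executable is odd on its own, and a service whose binary lives in a TEMP directory has no business starting at boot. Running the same script over the ComboFix log from a later clean-up gives a quick regression check that none of these came back.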
[Solved] PHISHING beware of this attempt
soulatp replied to a topic by nanotek in Hardening, prevention
You can now report phishing attempts through this site dedicated to that purpose: Phishing Initiative site ++ -
[Solved] Intrusion attempt
soulatp replied to a topic by soulatp in Malware analysis and removal
Hello, thanks for the help. Paste of DDS.txt:

DDS (Ver_10-12-12.02) - NTFSx86
Run by leden at 16:28:12,37 on 17/02/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_18
Microsoft Windows 7 Professionnel 6.1.7600.0.1252.33.1036.18.2814.1827 [GMT 1:00]
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Windows\VM301Snap.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\RapidBIT\cidaemon.exe
C:\Program Files\GPSoftware\Directory Opus\dopus.exe
D:\jeux\cyber01\PiroxFishBot.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Opera\opera.exe
C:\Windows\system32\ntvdm.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\DllHost.exe
C:\Users\leden\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============
uURLSearchHooks: uTorrentBar_FR Toolbar: {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} - c:\program files\utorrentbar_fr\tbuTo1.dll
mURLSearchHooks: uTorrentBar_FR Toolbar: {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} - c:\program files\utorrentbar_fr\tbuTo1.dll
BHO: uTorrentBar_FR Toolbar: {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} - c:\program files\utorrentbar_fr\tbuTo1.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngin0.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Programme d'aide de l'Assistant de connexion Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: uTorrentBar_FR Toolbar: {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} - c:\program files\utorrentbar_fr\tbuTo1.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngin0.dll
uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [bigDogPath] c:\windows\VM301Snap.exe Vimicro USB PC Camera (ZC0301PL)
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
TCP: {0A8050FA-738A-40A9-ACEC-ADF918AA7A6C} = 109.0.66.70,109.0.66.20
SEH: Directory Opus Shell Execute Hook: {3cf9ece0-1a9f-11d2-8c73-00c06c2005de} - c:\program files\gpsoftware\directory opus\dopuslib.dll

================= FIREFOX ===================
FF - ProfilePath - c:\users\leden\appdata\roaming\mozilla\firefox\profiles\s4ngtjwc.default\
FF - component: c:\users\leden\appdata\roaming\mozilla\firefox\profiles\s4ngtjwc.default\extensions\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}\components\RadioWMPCoreGecko19.dll
FF - component: c:\users\leden\appdata\roaming\mozilla\firefox\profiles\s4ngtjwc.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: uTorrentBar_FR Community Toolbar: {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} - %profile%\extensions\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}

============= SERVICES / DRIVERS ===============
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-11-16 735960]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2009-11-16 95896]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2011-1-7 378984]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2011-2-4 122984]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-8-7 187392]
S2 AcuWVSSchedulerv7;Acunetix WVS Scheduler v7;c:\program files\acunetix\web vulnerability scanner 7\WVSScheduler7.exe [2011-1-24 675128]
S2 AMService;AMService;c:\windows\temp\nxiq\setup.exe run --> c:\windows\temp\nxiq\setup.exe run [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 FlexService;Remote Connections Service;c:\program files\rapidbit\cisvc.exe [2009-5-17 41984]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-9-13 14216]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-9-13 8456]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\magix\common\database\bin\fbserver.exe --> c:\program files\magix\common\database\bin\fbserver.exe [?]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2010-9-12 251248]
S3 RTL8187B;Carte réseau USB 2.0 Realtek RTL8187B sans fil 802.11b/g 54 Mbits/s;c:\windows\system32\drivers\RTL8187B.sys [2009-6-10 347136]
S3 StorSvc;Service de stockage;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\wat\WatAdminSvc.exe [2011-1-20 1343400]

=============== Created Last 30 ================
2011-02-17 13:21:46 -------- d-----w- c:\program files\ZHPFix
2011-02-15 17:56:59 797441 ----a-w- c:\program files\mozilla firefox\PiroxFishBot.exe
2011-02-11 11:35:24 -------- d-----w- c:\program files\Defraggler
2011-02-10 10:43:02 -------- d-----w- c:\users\leden\appdata\local\TouchStoneSoftware
2011-02-10 10:43:01 -------- d-----w- c:\program files\TouchStoneSoftware
2011-02-06 13:32:01 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2011-02-03 23:23:22 -------- d-----w- c:\program files\Acunetix
2011-02-03 20:20:48 -------- d-----w- c:\users\leden\appdata\roaming\RIFT
2011-01-31 00:16:43 -------- d-----w- c:\users\leden\appdata\roaming\SUPERAntiSpyware.com
2011-01-31 00:16:43 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-01-31 00:16:35 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-01-26 17:27:00 -------- d-----w- c:\program files\IDoser v4
2011-01-26 17:15:35 -------- d-----w- c:\program files\Osmos
2011-01-21 11:45:25 67312 ----a-w- c:\windows\UnDeployV.exe
2011-01-21 11:45:25 -------- d-----w- c:\program files\Digital Photo Software
2011-01-19 23:25:18 -------- d-----w- c:\windows\system32\Wat
2011-01-19 23:19:54 293376 ----a-w- c:\windows\system32\browserchoice.exe
2011-01-19 23:19:32 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2011-01-19 23:17:57 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2011-01-19 23:17:56 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-01-19 23:17:56 308736 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-01-19 23:17:56 168448 ----a-w- c:\windows\system32\srvsvc.dll
2011-01-19 23:17:56 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-01-19 23:17:55 101760 ----a-w- c:\windows\system32\consent.exe
2011-01-19 23:15:59 7680 ----a-w- c:\program files\internet explorer\iecompat.dll
2011-01-19 22:47:05 -------- d-sh--w- C:\$RECYCLE.BIN
2011-01-19 22:44:21 -------- d-----w- c:\users\leden\appdata\local\temp
2011-01-19 22:38:52 89088 ----a-w- c:\windows\MBR.exe
2011-01-19 22:38:51 98816 ----a-w- c:\windows\sed.exe
2011-01-19 22:38:51 256512 ----a-w- c:\windows\PEV.exe
2011-01-19 22:38:51 161792 ----a-w- c:\windows\SWREG.exe
2011-01-19 22:32:33 388096 ----a-r- c:\users\leden\appdata\roaming\microsoft\installer\{0761c9a8-8f3a-4216-b4a7-b7afbf24a24a}\HiJackThis.exe
2011-01-19 22:32:33 -------- d-----w- c:\program files\TrendMicro

==================== Find3M ====================
2011-01-26 17:15:39 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2011-01-26 17:15:39 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-01-17 21:43:27 34064 ----a-w- c:\windows\system32\lhacm.acm
2011-01-08 03:27:00 941160 ----a-w- c:\windows\system32\nvdispco322090.dll
2011-01-08 03:27:00 837736 ----a-w- c:\windows\system32\nvgenco322040.dll
2011-01-08 03:27:00 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-01-08 03:27:00 5653096 ----a-w- c:\windows\system32\nvwgf2um.dll
2011-01-08 03:27:00 4941928 ----a-w- c:\windows\system32\nvcuda.dll
2011-01-08 03:27:00 2895976 ----a-w- c:\windows\system32\nvcuvid.dll
2011-01-08 03:27:00 2251368 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-01-08 03:27:00 1965672 ----a-w- c:\windows\system32\nvapi.dll
2011-01-08 03:27:00 15047272 ----a-w- c:\windows\system32\nvoglv32.dll
2011-01-08 03:27:00 13011560 ----a-w- c:\windows\system32\nvcompiler.dll
2011-01-08 03:27:00 10078312 ----a-w- c:\windows\system32\nvd3dum.dll
2011-01-07 20:06:28 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-01-07 20:06:22 3597416 ----a-w- c:\windows\system32\nvcpl.dll
2011-01-07 20:06:14 2620520 ----a-w- c:\windows\system32\nvsvc.dll
2011-01-07 20:06:08 608872 ----a-w- c:\windows\system32\nvvsvc.exe
2011-01-07 20:06:08 2558568 ----a-w- c:\windows\system32\nvsvcr.dll
2011-01-07 20:06:08 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-01-07 07:27:11 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-07 05:33:11 294400 ----a-w- c:\windows\system32\atmfd.dll
2011-01-05 05:37:33 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-01-05 03:37:38 2329088 ----a-w- c:\windows\system32\win32k.sys
2010-12-25 00:43:00 0 ----a-w- c:\windows\system32\alk553F.tmp
2010-12-21 05:38:24 73728 ----a-w- c:\windows\system32\wscsvc.dll
2010-12-21 05:38:24 51200 ----a-w- c:\windows\system32\wscapi.dll
2010-12-21 05:38:22 981504 ----a-w- c:\windows\system32\wininet.dll
2010-12-21 05:38:22 350720 ----a-w- c:\windows\system32\winhttp.dll
2010-12-21 05:38:21 204800 ----a-w- c:\windows\system32\WebClnt.dll
2010-12-21 05:38:19 204288 ----a-w- c:\windows\system32\upnp.dll
2010-12-21 05:38:16 14336 ----a-w- c:\windows\system32\slwga.dll
2010-12-21 05:36:17 1389568 ----a-w- c:\windows\system32\msxml6.dll
2010-12-21 05:36:16 1236992 ----a-w- c:\windows\system32\msxml3.dll
2010-12-21 05:34:12 80384 ----a-w- c:\windows\system32\davclnt.dll
2010-12-18 05:29:40 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-18 05:29:31 541184 ----a-w- c:\windows\system32\kerberos.dll
2010-12-18 04:20:55 386048 ----a-w- c:\windows\system32\html.iec
2010-12-18 03:47:59 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-12-02 09:12:06 837224 ----a-w- c:\windows\system32\nvgenco32hda.dll
2010-12-01 21:36:47 35322368 ----a-w- c:\windows\system32\Snow Village 3D Screensaver.exe
2010-12-01 21:36:46 921600 ----a-w- c:\windows\system32\Snow_Village_3D_Screensaver.scr

=================== ROOTKIT ====================
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, GMER - Rootkit Detector and Remover
Windows 6.1.7600 Disk: SAMSUNG_HD103SJ rev.1AJ10001 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-0 device: opened successfully user: MBR read successfully Disk trace: called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x861C35DC]<< _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x861c97b8]; MOV EAX, [0x861c9834]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; } 1 ntkrnlpa!IofCallDriver[0x8304D448] -> \Device\Harddisk0\DR0[0x8663C648] 3 CLASSPNP[0x8B4D859E] -> ntkrnlpa!IofCallDriver[0x8304D448] -> [0x86501F08] 5 ACPI[0x8ADBD3B2] -> ntkrnlpa!IofCallDriver[0x8304D448] -> \IdeDeviceP0T0L0-0[0x85828630] \Driver\atapi[0x85C6F968] -> IRP_MJ_CREATE -> 0x861C35DC kernel: MBR read successfully _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x132; MOV BP, 0x62a; ROR BYTE [bP+0x0], CL; INC BP; } detected disk devices: \Device\Ide\IdeDeviceP0T0L0-0 -> \??\IDE#DiskSAMSUNG_HD103SJ_________________________1AJ10001#5&17ef7b8e&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found detected hooks: user != kernel MBR !!! sectors 1953525166 (+255): user != kernel Warning: possible TDL4 rootkit infection ! TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix. ============= FINISH: 16:28:39,78 =============== voici attach.txt UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT DDS (Ver_10-12-12.02) Microsoft Windows 7 Professionnel Boot Device: \Device\HarddiskVolume1 Install Date: 07/08/2010 21:51:47 System Uptime: 17/02/2011 12:19:50 (4 hours ago) Processor: Intel® Core2 Duo CPU E7500 @ 2.93GHz | | 2133/mhz ==== Disk Partitions ========================= A: is Removable C: is FIXED (NTFS) - 101 GiB total, 79,271 GiB free. D: is FIXED (NTFS) - 831 GiB total, 418,419 GiB free. 
E: is CDROM () F: is CDROM () G: is CDROM () H: is Removable I: is Removable J: is Removable K: is Removable ==== Disabled Device Manager Items ============= ==== System Restore Points =================== No restore point in system. ==== Installed Programs ====================== 3Planesoft Screensaver Manager 1.2 7-Zip 4.65 Acunetix Web Vulnerability Scanner 7.0 Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Shockwave Player 11.5 Analyseur et SDK MSXML 4.0 SP2 Anno 1404 AnumanLive Assistant de connexion Windows Live Assistant GT v1 Ballance CCleaner CDBurnerXP Dead Rising 2 Defraggler Digital Photo Software FotoMix 8.0 EASEUS Partition Master 6.5.2 Home Edition Edirol HQ Orchestral v1.01 ESET Antivirus License Finder (MiNODLogin) ESET NOD32 Antivirus Farming Simulator 2011 FileZilla Client 3.3.5.1 FileZilla Server (remove only) Google Earth Pro 4.2 GPSoftware Directory Opus HashCheck Shell Extension (x86-32) HiJackThis IconLauncher_GTv1.0.3 Installation Windows Live Java 6 Update 18 Logiciel d'archivage WinRAR Ma-Config.com Machinarium Mafia II Malwarebytes' Anti-Malware Mass Effect 2 Medal of Honor MediaCUB Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Client Profile FRA Language Pack Microsoft .NET Framework 4 Extended Microsoft .NET Framework 4 Extended FRA Language Pack Microsoft Application Error Reporting Microsoft Choice Guard Microsoft Default Manager Microsoft Flight Simulator X Microsoft Flight Simulator X Service Pack 1 Microsoft Games for Windows - LIVE Microsoft Games for Windows - LIVE Redistributable Microsoft Silverlight Microsoft Train Simulator Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 MiPony 1.2.1 Module linguistique Microsoft .NET Framework 4 Client Profile FRA Module 
linguistique Microsoft .NET Framework 4 Extended FRA Mozilla Firefox (3.6.12) Mozilla Thunderbird (3.1.7) MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML4 Parser Native Instruments B4 v1.1.5 Nmap 5.21 Notepad++ NVIDIA Install Application NVIDIA Logiciel système PhysX 9.10.0514 NVIDIA PhysX NVIDIA Pilote 3D Vision 266.58 NVIDIA Pilote audio HD : 1.1.13.1 NVIDIA Pilote graphique 266.58 NVIDIA Stereoscopic 3D Driver Open Ports Scanner 2.4 OpenAL OpenOffice.org 3.2 Opera 11.01 Outil de téléchargement Windows Live Panneau de configuration NVIDIA 266.58 proXPN 2.2.8 Rail Simulator RapidBIT Suite Realtek Ethernet Controller Driver Recuva RIFT Security Update for Microsoft .NET Framework 4 Extended (KB2416472) Snow Village 3D Screensaver 1.1 Steinberg Cubase 5 Steinberg Drum Loop Expansion 01 Steinberg Groove Agent ONE Content Steinberg HALionOne Steinberg HALionOne Additional Content Set 01 Steinberg HALionOne Expression Set Steinberg HALionOne GM Drum Set Steinberg HALionOne GM Set Steinberg HALionOne Pro Set Steinberg HALionOne Studio Drum Set Steinberg HALionOne Studio Set Steinberg LoopMash Content Steinberg REVerence Content 01 Steinberg The Grand StreamTransport version: 1.0.2.2171 SumatraPDF SUPERAntiSpyware Synthesia (remove only) System Requirements Lab TeamSpeak 2 RC2 TeamSpeak 3 Client Text-To-Speech-Runtime Tools_GT v1 Trainz: Engineer's Edition True Launch Bar Tweaker GT v1 Ubisoft Game Launcher Undelete Plus 2.98 Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Us long trucks road simulator uTorrentBar_FR Toolbar VLC media player 1.1.2 VueScan webcamXP (remove only) Western Railway 3D Screensaver 1.0 Winamp Windows 7 Manager Windows Live Call Windows Live Communications Platform Windows Live Messenger Windows Media Player Firefox Plugin WinPcap 4.1.1 World of Warcraft Worms Reloaded Wow Cartographe 1.20 ZHPFix 1.12 ==== End Of File =========================== -
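The GMER block in the log above reports two things worth understanding before running "mbr.exe -f": the MBR read from user mode differs from the one read beneath the disk stack ("user != kernel MBR"), because a hook on atapi's IRP_MJ_CREATE hands user-mode readers a clean sector; and the kernel-side sector disassembles to a relocation prologue followed by a ROR-based decode loop (MOV CX,0x132; MOV BP,0x62a; ROR BYTE [BP],CL; INC BP). The Python below is an added example, not code from this thread, from GMER or from the malware, and it reproduces both checks on constructed 512-byte sectors. Assumptions: the sample sectors, the single NTFS partition entry and the placeholder stage-2 bytes are constructed for the example; the decode loop is assumed to be closed by a 2-byte LOOP (GMER's listing stops at INC BP, but 0x62a is exactly 42 bytes past the 0x600 load base, which is what STI, PUSHA, the two MOVs, ROR, INC BP and a 2-byte LOOP add up to after the 28-byte prologue); the instruction encodings are the standard 16-bit ones; and the comparison takes both views as byte strings rather than reading a disk.

```python
"""Added example (not from the thread, GMER or TDL4): reproduce the GMER MBR checks."""
import re
import struct

SECTOR_SIZE = 512
BOOT_SIGNATURE = 0xAA55
MBR_LOAD_BASE = 0x600  # the stub copies itself from 0x7c00 to 0x600 and RETFs to 0x61c

# Relocation prologue exactly as listed in the GMER disassembly (XOR AX,AX ... RETF).
# A stock Windows 7 MBR starts with the same 28 bytes, so these alone prove nothing.
RELOCATE = bytes.fromhex("31c0 8ed0 bc007c 8ec0 8ed8 be007c bf0006 b90002 fc f3a4 50 681c06 cb")


def ror8(value: int, count: int) -> int:
    """8-bit rotate right; only count mod 8 matters for a byte operand."""
    count %= 8
    return ((value >> count) | (value << (8 - count))) & 0xFF


def rol8(value: int, count: int) -> int:
    """Inverse of ror8; used only to build the constructed sample."""
    count %= 8
    return ((value << count) | (value >> (8 - count))) & 0xFF


def parse_mbr(sector: bytes) -> dict:
    """Classic MBR: 446 bytes of code, four 16-byte partition entries, 0x55AA."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    partitions = []
    for i in range(4):
        boot, ptype, lba, count = struct.unpack_from("<B3xB3xII", sector, 446 + 16 * i)
        if ptype:
            partitions.append({"index": i, "bootable": boot == 0x80, "type": ptype,
                               "lba_start": lba, "sectors": count})
    sig = struct.unpack_from("<H", sector, 510)[0]
    return {"signature_ok": sig == BOOT_SIGNATURE, "partitions": partitions}


def compare_views(user_view: bytes, kernel_view: bytes) -> dict:
    """GMER's 'user != kernel' check: the two reads of sector 0 must agree byte for byte."""
    diffs = [i for i, (u, k) in enumerate(zip(user_view, kernel_view)) if u != k]
    return {"mismatch": bool(diffs), "first_offset": diffs[0] if diffs else None,
            "differing_bytes": len(diffs)}


# MOV CX,imm16 ; MOV BP,imm16 ; ROR BYTE [BP+0],CL ; INC BP   (standard 16-bit encodings)
DECODER_RE = re.compile(rb"\xb9(..)\xbd(..)\xd2\x4e\x00\x45", re.DOTALL)


def find_decoder(boot_code: bytes):
    """Locate the rotating decode loop and recover its byte count and target address."""
    m = DECODER_RE.search(boot_code)
    if not m:
        return None
    return {"offset": m.start(), "count": struct.unpack("<H", m.group(1))[0],
            "target": struct.unpack("<H", m.group(2))[0]}


def run_decoder(sector: bytes, count: int, target: int) -> bytes:
    """Emulate the loop: CX starts at count and LOOP (assumed) decrements it per byte."""
    start = target - MBR_LOAD_BASE
    body = bytearray(sector)
    for i in range(count):
        body[start + i] = ror8(body[start + i], count - i)
    return bytes(body[start:start + count])


def build_sector(boot_code: bytes) -> bytes:
    """Constructed: pad boot code to 446 bytes, add one NTFS entry at LBA 2048, sign it."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07, b"\xfe\xff\xff", 2048, 0x0CA00000)
    return boot_code.ljust(446, b"\x00") + entry + b"\x00" * 48 + struct.pack("<H", BOOT_SIGNATURE)


STAGE2 = b"constructed stage-2 placeholder".ljust(0x132, b"\x90")  # constructed payload


def build_samples() -> tuple:
    """Constructed clean sector and a sector carrying the decode loop from the log."""
    clean = build_sector(RELOCATE + b"\xfb\xb9\x04\x00\xbd\xbe\x07")   # STI; MOV CX,4; MOV BP,0x7be
    decoder = (b"\xfb\x60"                                  # STI; PUSHA
               + b"\xb9" + struct.pack("<H", 0x132)          # MOV CX,0x132
               + b"\xbd" + struct.pack("<H", 0x62a)          # MOV BP,0x62a
               + b"\xd2\x4e\x00\x45\xe2\xfa")                # ROR BYTE [BP],CL; INC BP; LOOP -6
    encoded = bytes(rol8(b, 0x132 - i) for i, b in enumerate(STAGE2))
    return clean, build_sector(RELOCATE + decoder + encoded)


def analyse(user_view: bytes, kernel_view: bytes) -> dict:
    """Compare both views, then look for and emulate the decoder in the kernel-side read."""
    report = {"partitions": parse_mbr(kernel_view)["partitions"],
              "views": compare_views(user_view, kernel_view),
              "decoder": find_decoder(kernel_view[:446]), "stage2": None}
    if report["decoder"]:
        d = report["decoder"]
        report["stage2"] = run_decoder(kernel_view, d["count"], d["target"])
    return report


if __name__ == "__main__":
    clean, infected = build_samples()
    r = analyse(user_view=clean, kernel_view=infected)
    print("user != kernel MBR" if r["views"]["mismatch"] else "views agree",
          "first difference at offset", r["views"]["first_offset"])
    print("decoder:", r["decoder"])
    print("decoded head:", r["stage2"][:32])
```

The point of the two-view comparison is that a scanner relying on the user-mode read alone sees the partition table it expects and a prologue identical to a healthy MBR; only the read below the hook exposes the loop that rotates the rest of the sector into executable code, which is why the fix GMER proposes rewrites sector 0 rather than deleting a file.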
Hello everyone,

I regularly get virus intrusion attempts which, fortunately, are blocked by the antivirus. In the example it is a photo, but most of the time it is an executable such as http://l'ip/eapcwon.exe. I have updated my system through Windows Update (Windows 7 32-bit). I would not turn down a hand or some advice.

Thanks in advance.