Everything posted by Philoo

  1. Back in safe mode after an attempt in normal mode. As soon as I start my session, it tells me that Windows Explorer has stopped working and asks me whether I want to restart the program or look for a solution online. But nothing works. The explorer.exe process has of course disappeared from the program manager and is impossible to relaunch...
  2. PhysicalMBR.bin - Jotti's malware scan. However, I am in safe mode, impossible to boot normally. It tells me that Windows Explorer has stopped working, and the same for Internet. But I will run the test, given that OTL has been through there...
  3. OTL report (log found under c:_otl)
  4. However, the last 2 lines of the report do not seem to go through on the site (hence the multiple consecutive messages), so I am putting the information you seem to be looking for: LastSuccessTime: 2011-03-12 21:29:37 Otherwise, while copying and pasting the report onto the forum, my PC blocked taskhost and Windows Explorer, which wanted to access the net, with avast in the middle blocking a malicious URL, and then everything froze. Had to restart everything.
  7. Finally, report 2/3
  8. OTL report (1/2). However, impossible to get the Extras report...
[Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15) DRV - [2008/08/26 11:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2008/08/24 21:22:52 | 000,015,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu) DRV - [2008/08/18 12:58:42 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32) DRV - [2008/08/18 12:58:42 | 000,133,152 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvrd32.sys -- (nvrd32) DRV - [2008/07/22 05:11:16 | 000,024,608 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\NVAMACPI.sys -- (nvamacpi) DRV - [2008/07/07 21:32:52 | 001,050,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD) DRV - [2008/06/04 18:59:50 | 000,017,064 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PdiPorts.sys -- (PdiPorts) DRV - [2007/09/12 10:20:58 | 000,046,112 | ---- | M] (LogMeIn, Inc.) 
[File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver) DRV - [2006/09/24 15:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\Windows\system32\speedfan.sys -- (speedfan) DRV - [1996/04/03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\giveio.sys -- (giveio) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/04/24 16:46:36 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/24 14:14:02 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/24 14:14:02 | 000,000,000 | ---D | M] [2010/01/02 23:07:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Philippe\AppData\Roaming\mozilla\Extensions [2010/03/11 21:31:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Philippe\AppData\Roaming\mozilla\Firefox\Profiles\0o42spbo.default\extensions [2011/04/24 14:14:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- 
C:\Users\Philippe\AppData\Roaming\mozilla\Firefox\Profiles\0o42spbo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010/03/11 21:31:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2010/06/20 22:30:53 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml [2010/06/20 22:30:53 | 000,000,757 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml [2010/06/20 22:30:53 | 000,000,748 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\MediaDICO-fr.xml [2010/06/20 22:30:53 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml [2010/06/20 22:30:53 | 000,000,652 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml Hosts file not found O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited) O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll () O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) 
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe () O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKCU..\Run: [4E3E0230F5B9F1D3] C:\ishigo.exe\ishigo.exe.exe (kickus) O4 - HKCU..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - C:\Program Files\Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Easy-WebPrint Impression rapide - C:\Program Files\Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Easy-WebPrint Imprimer - C:\Program Files\Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Easy-WebPrint Prévisualiser - C:\Program Files\Canon\Easy-WebPrint\Resource.dll () O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - File not found O13 - gopher Prefix: missing O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} https://picasaweb.google.com/s/v/71.37/uploader2.cab (UploadListView Class) O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1282142814755 (MUCatalogWebControl Class) O16 - DPF: 
{74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab (Reg Error: Key error.) O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} http://www.photoweb.fr/telechargement/telechargement-photoweb-6.5.6.cab (Image Uploader Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {FD3FF62E-61A7-48EE-A4A4-97CE7BD1F99D} https://vpnssl.cea.fr/postauthACC/SodaAgent.CAB (SodaAgt Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - 
C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O24 - Desktop WallPaper: O24 - Desktop BackupWallPaper: O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{07591554-4168-11de-8895-0022683b3223}\Shell - "" = AutoRun O33 - MountPoints2\{07591554-4168-11de-8895-0022683b3223}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O33 - MountPoints2\{a02eeb68-d0e0-11dd-876f-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{a02eeb68-d0e0-11dd-876f-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Setupx.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O35 - HKCU\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKCU\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.tscc - C:\Windows\System32\tsccvid.dll (TechSmith Corporation) PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin
  9. Sorry about the text formatting, it happened automatically.
  10. Hello again,

      Below is the ESET report followed by Security Check.

      C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv.zip Win32/Bagle.gen.zip ver
      C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv1.zip Win32/Bagle.gen.zip ver
      C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv2.zip Win32/Bagle.gen.zip ver
      C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv3.zip Win32/Bagle.gen.zip ver
      C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv4.zip Win32/Bagle.gen.zip ver
      C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv5.zip Win32/Bagle.gen.zip ver
      C:\Documents and Settings\All Users\Spybot - Search & Destroy\Recovery\WinBankerfgv.zip Win32/Bagle.gen.zip ver
      C:\Documents and Settings\All Users\Spybot - Search & Destroy\Recovery\WinBankerfgv1.zip Win32/Bagle.gen.zip ver
      C:\Documents and Settings\All Users\Spybot - Search & Destroy\Recovery\WinBankerfgv2.zip Win32/Bagle.gen.zip ver
      C:\Documents and Settings\All Users\Spybot - Search & Destroy\Recovery\WinBankerfgv3.zip Win32/Bagle.gen.zip ver
      C:\Documents and Settings\All Users\Spybot - Search & Destroy\Recovery\WinBankerfgv4.zip Win32/Bagle.gen.zip ver
      C:\Documents and Settings\All Users\Spybot - Search & Destroy\Recovery\WinBankerfgv5.zip Win32/Bagle.gen.zip ver
      C:\ProgramData\Spybot - Search & Destroy\Recovery\WinBankerfgv.zip Win32/Bagle.gen.zip ver
      C:\ProgramData\Spybot - Search & Destroy\Recovery\WinBankerfgv1.zip Win32/Bagle.gen.zip ver
      C:\ProgramData\Spybot - Search & Destroy\Recovery\WinBankerfgv2.zip Win32/Bagle.gen.zip ver
      C:\ProgramData\Spybot - Search & Destroy\Recovery\WinBankerfgv3.zip Win32/Bagle.gen.zip ver
      C:\ProgramData\Spybot - Search & Destroy\Recovery\WinBankerfgv4.zip Win32/Bagle.gen.zip ver
      C:\ProgramData\Spybot - Search & Destroy\Recovery\WinBankerfgv5.zip Win32/Bagle.gen.zip ver
      C:\Users\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv.zip Win32/Bagle.gen.zip ver
      C:\Users\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv1.zip Win32/Bagle.gen.zip ver
      C:\Users\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv2.zip Win32/Bagle.gen.zip ver
      C:\Users\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv3.zip Win32/Bagle.gen.zip ver
      C:\Users\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv4.zip Win32/Bagle.gen.zip ver
      C:\Users\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv5.zip Win32/Bagle.gen.zip ver
      C:\Users\All Users\Spybot - Search & Destroy\Recovery\WinBankerfgv.zip Win32/Bagle.gen.zip ver
      C:\Users\All Users\Spybot - Search & Destroy\Recovery\WinBankerfgv1.zip Win32/Bagle.gen.zip ver
      C:\Users\All Users\Spybot - Search & Destroy\Recovery\WinBankerfgv2.zip Win32/Bagle.gen.zip ver
      C:\Users\All Users\Spybot - Search & Destroy\Recovery\WinBankerfgv3.zip Win32/Bagle.gen.zip ver
      C:\Users\All Users\Spybot - Search & Destroy\Recovery\WinBankerfgv4.zip Win32/Bagle.gen.zip ver
      C:\Users\All Users\Spybot - Search & Destroy\Recovery\WinBankerfgv5.zip Win32/Bagle.gen.zip ver

      ////////////////////////////////////////////////////////////////////

      Results of screen317's Security Check version 0.99.10
      Windows 7 (UAC is disabled!)
      Internet Explorer 8
      ``````````````````````````````
      Antivirus/Firewall Check:
      Windows Security Center service is not running! This report may not be accurate!
      avast! Free Antivirus
      WMI entry may not exist for antivirus; attempting automatic update.
      ```````````````````````````````
      Anti-malware/Other Utilities Check:
      Malwarebytes' Anti-Malware
      HijackThis 2.0.2
      CCleaner
      Java 6 Update 14
      Out of date Java installed!
      Adobe Flash Player 10.0.22.87
      Adobe Reader 8.1.0 - Français
      Out of date Adobe Reader installed!
      Mozilla Firefox (3.0.10) Firefox Out of Date!
      ````````````````````````````````
      Process Check:
      objlist.exe by Laurent
      ``````````End of Log````````````

      For info: following the infection, I switched from the "official" Norton Symantec under a professional licence to the free avast. The Symantec was a bit old (2007) and not great with Windows 7 (but that's just my opinion...).

      Additional information about the PC: I can't open an additional tab in Internet Explorer, it hangs... That was already the case before running TDSS, ...

      Following the online scan, which required stopping avast, and the requested reboot: when I log in, I get a black screen. That had happened to me yesterday afternoon and I had got out of it by running Spybot or avast, which had detected some nasty files under system32 or in the root. So I have to restart in safe mode with networking (note that yesterday afternoon, safe mode wasn't working...). And still the A0 error on shutdown, which reboots the PC...

      Also, while system check was running, I got 2 errors of the type "Line -1 Objet attendu ...". But it finished normally.

      Well, that's it. Thanks for your help.
  11. Hello,

      Thanks for the quick reply. Below is the TDS report. The others will follow.

      2011/04/25 17:05:29.0169 3572 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
      2011/04/25 17:05:29.0185 3572 ================================================================================
      2011/04/25 17:05:29.0185 3572 SystemInfo:
      2011/04/25 17:05:29.0185 3572
      2011/04/25 17:05:29.0185 3572 OS Version: 6.1.7600 ServicePack: 0.0
      2011/04/25 17:05:29.0185 3572 Product type: Workstation
      2011/04/25 17:05:29.0185 3572 ComputerName: PC
      2011/04/25 17:05:29.0185 3572 UserName: Philippe
      2011/04/25 17:05:29.0185 3572 Windows directory: C:\Windows
      2011/04/25 17:05:29.0185 3572 System windows directory: C:\Windows
      2011/04/25 17:05:29.0185 3572 Processor architecture: Intel x86
      2011/04/25 17:05:29.0185 3572 Number of processors: 4
      2011/04/25 17:05:29.0185 3572 Page size: 0x1000
      2011/04/25 17:05:29.0185 3572 Boot type: Normal boot
      2011/04/25 17:05:29.0185 3572 ================================================================================
      2011/04/25 17:05:29.0403 3572 Initialize success
      2011/04/25 17:05:31.0649 2160 ================================================================================
      2011/04/25 17:05:31.0649 2160 Scan started
      2011/04/25 17:05:31.0649 2160 Mode: Manual;
      2011/04/25 17:05:31.0649 2160 ================================================================================
      2011/04/25 17:05:36.0501 2160 ================================================================================
      2011/04/25 17:05:36.0501 2160 Scan finished
      2011/04/25 17:05:36.0501 2160 ================================================================================
  12. Hello,

      I'm coming to you after my PC got infected with a virus today. It is indeed getting slower and slower, and it's becoming difficult to open internet windows. To summarize, I carried out the following operations after the infection:

      System Restore disabled after an unsuccessful attempt.

      Malwarebytes anti-malware (3 different scans during the day, the viruses kept coming back...):

      Scan 1: 24/04/2011 13:43:39 mbam-log-2011-04-24 (13-43-39).txt
      Module(s) mémoire infecté(s):
      c:\Users\Philippe\AppData\Local\Wiplicor.dll (Trojan.Hiloti) -> Delete on reboot.
      Clé(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)
      Valeur(s) du Registre infectée(s):
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Vpace (Trojan.Hiloti) -> Value: Vpace -> Delete on reboot.
      Elément(s) de données du Registre infecté(s):
      (Aucun élément nuisible détecté)
      Dossier(s) infecté(s):
      (Aucun élément nuisible détecté)
      Fichier(s) infecté(s):
      c:\Users\Philippe\AppData\Local\Wiplicor.dll (Trojan.Hiloti) -> Delete on reboot.

      Scan 2:
      Fichier(s) infecté(s):
      c:\Users\Philippe\AppData\Roaming\ntuser.dat (VirTool.Obfuscator) -> Quarantined and deleted successfully.

      Scan 3:
      Fichier(s) infecté(s):
      c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
      c:\Windows\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
      c:\Windows\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> Quarantined and deleted successfully.

      In parallel, I ran Spybot, which detected win32.Fraudload.edt and click.giftload, which kept coming back after every restart despite System Restore being disabled. Using HijackThis, I was able to fix a registry key that launched win32.fraudload.edt. For click.giftload, however, I ran OTL and saw that my hosts file was corrupted, hence a reset of the hosts file by OTL. But that wasn't enough.

      Oh yes, in parallel, I tried Kaspersky's TDSSKiller tool, without success. And since the first infection, I can no longer shut down my PC normally: it stops with a BSOD A0 "internal Power Error", which reboots the PC...

      One last thing, any update via Windows Update is impossible: error 80072EFE. Which makes me say I've caught a &é"'é#~'é"'$¤*%ù§! of a rootkit.

      Thanks in advance to anyone who could help me. Looking forward to hearing from you.

      See you soon,
      Philoo