[Résolu] Virus tdlcmd.dll impossible à supprimer

Maheva · le 27 novembre 2009

Voici le rapport de Gmer.

GMER 1.0.15.15252 - http://www.gmer.net

Rootkit scan 2009-11-27 17:48:01

Windows 6.0.6002 Service Pack 2

Running: gmer.exe; Driver: C:\Users\Carole\AppData\Local\Temp\kwtdakoc.sys

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xFE 0x31 0x65 0x1C ...

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xFE 0x31 0x65 0x1C ...

Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\Windows\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ...

Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\Windows\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x6A 0x9C 0xD6 0x61 ...

Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\Windows\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x25 0xDA 0xEC 0x7E ...

Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\Windows\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...

Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\Windows\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xE9 0x02 0x6C 0xFA ...

Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\Windows\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0x50 0x93 0xE5 0xAB ...

Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\Windows\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...

Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\Windows\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x83 0x6C 0x56 0x8B ...

Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\Windows\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...

Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\Windows\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0xB1 0xCD 0x45 0x5A ...

Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\Windows\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ...

Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\Windows\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ...

---- Files - GMER 1.0.15 ----

File C:\ADSM_PData_0150 0 bytes

File C:\ADSM_PData_0150\DB 0 bytes

File C:\ADSM_PData_0150\DB\SI.db 624 bytes

File C:\ADSM_PData_0150\DB\UL.db 1040 bytes

File C:\ADSM_PData_0150\DB\VL.db 6160 bytes

File C:\ADSM_PData_0150\DB\_avt 512 bytes

File C:\ADSM_PData_0150\DragWait.exe 253952 bytes executable

File C:\ADSM_PData_0150\_avt 512 bytes

File C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86 0 bytes

File C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\AsDsm.sys 29752 bytes executable

File C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\_avt 512 bytes

File C:\Users\Carole\Documents sécurisés 0 bytes

File C:\Users\Carole\Documents sécurisés\_avt 512 bytes

File C:\Users\Carole\Documents sécurisés\_lit 512 bytes

File C:\Users\Carole\Vidéos sécurisées 0 bytes

File C:\Users\Carole\Vidéos sécurisées\_avt 512 bytes

File C:\Users\Carole\Vidéos sécurisées\_lit 512 bytes

File C:\Users\Carole\Musique sécurisée 0 bytes

File C:\Users\Carole\Musique sécurisée\_avt 512 bytes

File C:\Users\Carole\Musique sécurisée\_lit 512 bytes

---- EOF - GMER 1.0.15 ----

Merci encore pour ton aide.

Falkra · le 27 novembre 2009

Il y a un de tes logiciels, Daemon Tools ou Alcohol, qui perturbe les logiciels de sécurité. On va les désactiver pour pouvoir accéder correctement à la machine, on les réactivera quand le virus sera retiré.

Télécharge DeFogger de Jpshortstuff sur le bureau.

Double clique sur DeFogger pour démarrer l'outil.

La fenêtre de DeFrogger apparaît
Clique sur le bouton Disable pour désactiver les drivers d'émulateurs CD.
Clique sur Yes pour continuer
Un message 'Finished!' apparaîtra
Clique sur OK
DeFogger demandera de redémarrer la machine, dis OK

Ne réactive PAS ces drivers avant que je te le dise.

Maheva · le 27 novembre 2009

Alors je sais pas vraiment si ça a marché car le logiciel ne m'a pas demandé de redémarrer. Alors j'ai redémarré par moi même. Voici le rapport:

defogger_disable by jpshortstuff (26.11.09.1)

Log created at 20:46 on 27/11/2009 (Carole)

Checking for autostart values...

HKCU\~\Run values retrieved.

HKLM\~\Run values retrieved.

Checking for services/drivers...

SPTD -> Already disabled

-=E.O.F=-

Sinon pour les logiciels qui perturbent les logiciels de sécurité, je ne m'en sert plus donc ce n'est pas obligé de les réactiver.

Falkra · le 27 novembre 2009

Ok, ça a fonctionné. Tu peux toujours les désinstaller, si vraiment tu ne les utilises plus.

Télécharge une copie fraîche de combofix :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Remplace le fichier de ton bureau et refais la procédure du post 8 : il ne devrait pas y avoir d'écran bleu là.

Maheva · le 27 novembre 2009

Ok je vais faire ça en esperant que ça marche.

Par contre pour les programme, je trouve ça bizarre car je les avait désinstallé avec ajout/suppression de programme et je pensais que ça avait marché.

En tout cas merci.

Falkra · le 27 novembre 2009

Si ça ne passe pas, on fera d'autres vérifications il peut y avoir des restes de ces programmes.

Maheva · le 27 novembre 2009

Bon alors je comprend pas.

J'ai lancer ComboFix, l'ordi a redémarré, il a fait l'ananlyse mais après j'ai pas eu de rapport qui ait apparu. J'ai chercher dans C:\Combofix.txt mais je n'ai rien trouvé, ni ailleur.

Bizarre car je n'ai pas eu de message d'erreur.

Falkra · le 27 novembre 2009

Curieux. On va regarder ça. C'est mieux qu'un écran bleu en tout cas !

Il y a du mieux.

Télécharge DDS de sUBs, sur le bureau.

L'outil ne nécessite pas d'installation, lance-le en cliquant sur l'icône dds.scr

Une fenêtre DOS va apparaitre. Un premier rapport va s'ouvrir que tu enregistreras sous DDS.txt par défaut sur le bureau.

Il te sera demandé si tu veux faire le scan optionnel. Accepte.

Un nouveau rapport s'ouvre que tu enregistres sous Attach.txt sur le bureau.

Poste le rapport DDS.txt seulement, si ça marche, pour le moment.

Maheva · le 27 novembre 2009

Voilà le raport DDS

DDS (Ver_09-11-24.02) - NTFSx86

Run by Carole at 23:20:51,00 on 27/11/2009

Internet Explorer: 8.0.6001.18828

Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.3070.1887 [GMT 1:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\rundll32.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe

C:\Program Files\ATK Hotkey\ASLDRSrv.exe

C:\Windows\system32\WLANExt.exe

C:\Program Files\ATKGFNEX\GFNEXSrv.exe

C:\Windows\system32\taskeng.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\ASUS\ASUS Live Update\ALU.exe

C:\Program Files\ATK Hotkey\Hcontrol.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\ATK Hotkey\MsgTranAgt.exe

C:\Program Files\Wireless Console 2\wcourier.exe

C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe

C:\Program Files\P4G\BatteryLife.exe

C:\Program Files\ASUS\Splendid\ACMON.exe

C:\Program Files\ASUS\SmartLogon\sensorsrv.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\ACEngSvr.exe

C:\Program Files\ATK Hotkey\HControlUser.exe

C:\Program Files\ATKOSD2\ATKOSD2.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\ASUS\ATK Media\DMedia.exe

C:\Windows\ASScrPro.exe

C:\Program Files\Orange\Systray\SystrayApp.exe

C:\Program Files\ATK Hotkey\ATKOSD.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\ATK Hotkey\KBFiltr.exe

C:\Program Files\ATK Hotkey\WDC.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Orange\Launcher\Launcher.exe

C:\Program Files\Orange\Antivirus Firewall\Anti-Virus\fsgk32st.exe

C:\Program Files\Orange\Antivirus Firewall\Common\FSMA32.EXE

C:\Program Files\Orange\Antivirus Firewall\Anti-Virus\FSGK32.EXE

C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe

C:\Program Files\Orange\Antivirus Firewall\Common\FSHDLL32.EXE

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe

C:\Program Files\Orange\Antivirus Firewall\Anti-Virus\fssm32.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Orange\Antivirus Firewall\FWES\Program\fsdfwd.exe

C:\Program Files\Orange\Antivirus Firewall\ORSP Client\fsorsp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Orange\Antivirus Firewall\Anti-Virus\fsav32.exe

C:\Windows\system32\conime.exe

C:\Program Files\Orange\connectivity\connectivitymanager.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Orange\connectivity\CoreCom\CoreCom.exe

C:\Program Files\Orange\connectivity\CoreCom\OraConfigRecover.exe

C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Users\Carole\Desktop\dds.scr

C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.fr/

uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS

mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS

uURLSearchHooks: Search Class: {08c06d61-f1f3-4799-86f8-be1a89362c85} - c:\program files\orange\searchurlhook\SearchPageURL.dll

BHO: Aide pour le lien d'Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Browsing Protection Class: {c6867eb7-8350-4856-877f-93cf8ae3dc9c} - c:\program files\orange\antivirus firewall\nrs\iescript\baselitmus.dll

BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File

TB: Browsing Protection Toolbar: {265eee8e-3228-44d3-aea5-f7fdf5860049} - c:\program files\orange\antivirus firewall\nrs\iescript\baselitmus.dll

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden

uRun: [EPSON Stylus CX4200 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatiaea.exe /fu "c:\windows\temp\E_SACA.tmp" /EF "HKCU"

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [HControlUser] "c:\program files\atk hotkey\HcontrolUser.exe"

mRun: [ATKOSD2] "c:\program files\atkosd2\ATKOSD2.exe"

mRun: [RtHDVCpl] RtHDVCpl.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [ATKMEDIA] c:\program files\asus\atk media\DMedia.exe

mRun: [ASUS Camera ScreenSaver] c:\windows\AsScrProlog.exe

mRun: [ASUS Screen Saver Protector] c:\windows\ASScrPro.exe

mRun: [symLnch] "c:\program files\common files\symantec shared\symsetup\{c1c185ca-c531-49f5-a6fa-b838405a049d}_15_5_0_23\support\symlnch\symlnch.exe" "c:\progra~1\common~1\symant~1\symsetup\{c1c18~1\SETUP.EXE" " /X"

mRun: [EPSON Stylus DX4200 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatiaee.exe /f "c:\windows\temp\E_S2EBF.tmp" /EF "HKLM"

mRun: [EPSON Stylus DX4200 Series (Copie 1)] c:\windows\system32\spool\drivers\w32x86\3\e_fatiaee.exe /f "c:\windows\temp\E_S4A38.tmp" /EF "HKLM"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [systrayORAHSS] "c:\program files\orange\systray\SystrayApp.exe"

mRun: [ORAHSSSessionManager] c:\program files\orange\sessionmanager\SessionManager.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

LSP: c:\program files\orange\antivirus firewall\fsps\program\FSLSP.DLL

Trusted Zone: orange.fr\www

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

============= SERVICES / DRIVERS ===============

R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2009-5-30 33920]

R0 lullaby;lullaby;c:\windows\system32\drivers\lullaby.sys [2008-11-21 15416]

R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\orange\antivirus firewall\hips\drivers\fshs.sys [2009-11-13 68064]

R1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [2009-11-13 35680]

R1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2009-11-13 71040]

R1 fsvista;F-Secure Vista Support Driver;c:\program files\orange\antivirus firewall\anti-virus\minifilter\fsvista.sys [2009-11-13 12384]

R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\orange\antivirus firewall\anti-virus\minifilter\fsgk.sys [2009-11-13 101496]

R3 FSORSPClient;F-Secure ORSP Client;c:\program files\orange\antivirus firewall\orsp client\fsorsp.exe [2009-11-13 55928]

R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\drivers\SiSGB6.sys [2007-11-16 48128]

S3 FontCache;Service de cache de police Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]

S3 getPlusHelper;getPlus® Helper;c:\windows\system32\svchost.exe -k getPlusHelper [2008-1-21 21504]

S3 ICScsiSV;Image Converter SCSI Service;c:\program files\sony\image converter 3\ICScsiSV.exe [2009-2-23 75952]

S3 IcVzMonLauncher;IcVzMonLauncher;c:\program files\sony\image converter 3\IcVzMonLauncher.exe [2009-2-23 67760]

S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\system32\drivers\PCAMp50.sys [2009-4-12 28224]

S4 F-Secure Filter;F-Secure File System Filter;c:\program files\orange\antivirus firewall\anti-virus\win2k\fsfilter.sys [2009-11-13 39776]

S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\orange\antivirus firewall\anti-virus\win2k\fsrec.sys [2009-11-13 25184]

=============== Created Last 30 ================

2009-11-27 21:43:06 0 d-s---w- C:\ComboFix

2009-11-27 19:35:23 0 ----a-w- c:\users\carole\defogger_renable

2009-11-26 18:34:15 2048 ----a-w- c:\windows\system32\tzres.dll

2009-11-26 13:57:35 714240 ----a-w- c:\windows\system32\timedate.cpl

2009-11-26 13:48:32 24064 ----a-w- c:\windows\system32\tdlcmd.dll

2009-11-26 13:14:38 0 d-s---w- C:\ComboFix(1)

2009-11-25 17:27:01 0 d-sha-r- C:\autorun.inf

2009-11-25 17:14:47 0 d-----w- C:\UsbFix

2009-11-24 19:34:58 1401856 ----a-w- c:\windows\system32\msxml6.dll

2009-11-24 19:34:58 1401856 ----a-w- c:\windows\system32\msxml6(126).dll

2009-11-24 19:34:49 1248768 ----a-w- c:\windows\system32\msxml3.dll

2009-11-24 19:34:49 1248768 ----a-w- c:\windows\system32\msxml3(124).dll

2009-11-20 17:44:40 16574 ----a-w- c:\windows\EPISMF00.SWB

2009-11-18 19:10:16 12800 ----a-w- c:\windows\system32\tdlclk.dll

2009-11-18 17:48:24 0 d-----w- c:\program files\CCleaner

2009-11-18 10:35:11 0 d-----w- c:\users\carole\appdata\roaming\Auslogics

2009-11-18 10:34:59 0 d-----w- c:\program files\Auslogics

2009-11-16 21:08:22 0 d-----w- c:\program files\Windows Portable Devices

2009-11-16 21:06:14 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf

2009-11-16 21:00:44 92672 ----a-w- c:\windows\system32\UIAnimation.dll

2009-11-16 21:00:41 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll

2009-11-16 21:00:40 3023360 ----a-w- c:\windows\system32\UIRibbon.dll

2009-11-16 20:58:51 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll

2009-11-16 20:56:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll

2009-11-16 20:56:23 234496 ----a-w- c:\windows\system32\oleacc.dll

2009-11-16 20:56:22 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll

2009-11-16 19:20:26 0 d-----w- c:\users\carole\appdata\roaming\Malwarebytes

2009-11-16 19:20:15 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-11-16 19:20:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-11-16 19:20:13 0 d-----w- c:\programdata\Malwarebytes

2009-11-16 19:20:13 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-11-16 11:39:54 98816 ----a-w- c:\windows\sed.exe

2009-11-16 11:39:54 77312 ----a-w- c:\windows\MBR.exe

2009-11-16 11:39:54 260608 ----a-w- c:\windows\PEV.exe

2009-11-16 11:39:54 161792 ----a-w- c:\windows\SWREG.exe

2009-11-13 20:00:42 35680 ----a-w- c:\windows\system32\drivers\fses.sys

2009-11-13 20:00:38 71040 ----a-w- c:\windows\system32\drivers\fsdfw.sys

2009-11-11 10:07:18 2036736 ----a-w- c:\windows\system32\win32k.sys

2009-11-11 10:07:06 355328 ----a-w- c:\windows\system32\WSDApi.dll

2009-11-04 07:16:23 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2009-11-02 07:43:18 0 d-----w- c:\program files\iPod

2009-11-02 07:43:06 0 d-----w- c:\program files\iTunes

==================== Find3M ====================

2009-11-27 21:52:27 45056 ----a-w- c:\windows\system32\acovcnt.exe

2009-11-27 17:53:56 735946 ----a-w- c:\windows\system32\perfh00C.dat

2009-11-27 17:53:56 153972 ----a-w- c:\windows\system32\perfc00C.dat

2009-11-23 20:31:19 27934 ----a-w- c:\programdata\nvModes.dat

2009-11-16 21:08:04 86016 ----a-w- c:\windows\inf\infstor.dat

2009-11-16 21:08:04 665600 ----a-w- c:\windows\inf\drvindex.dat

2009-11-16 21:08:04 51200 ----a-w- c:\windows\inf\infpub.dat

2009-11-16 21:08:04 143360 ----a-w- c:\windows\inf\infstrng.dat

2009-11-13 20:08:24 33920 ----a-w- c:\windows\system32\drivers\fsbts.sys

2009-11-02 19:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe

2009-10-11 03:17:27 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-10-08 18:45:12 721904 ------w- c:\windows\system32\drivers\sptd.sys

2009-10-08 09:46:19 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont

2009-10-01 01:02:17 2537472 ----a-w- c:\windows\system32\wpdshext.dll

2009-10-01 01:02:05 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe

2009-10-01 01:02:04 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll

2009-10-01 01:02:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll

2009-10-01 01:02:00 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll

2009-10-01 01:01:59 546816 ----a-w- c:\windows\system32\wpd_ci.dll

2009-10-01 01:01:59 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll

2009-10-01 01:01:56 350208 ----a-w- c:\windows\system32\WPDSp.dll

2009-10-01 01:01:56 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll

2009-10-01 01:01:56 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll

2009-10-01 01:01:54 81920 ----a-w- c:\windows\system32\wpdbusenum.dll

2009-09-25 02:10:10 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll

2009-09-25 02:07:08 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll

2009-09-25 02:04:32 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll

2009-09-25 01:49:22 1554432 ----a-w- c:\windows\system32\xpsservices.dll

2009-09-25 01:48:08 351232 ----a-w- c:\windows\system32\XpsPrint.dll

2009-09-25 01:38:29 847360 ----a-w- c:\windows\system32\OpcServices.dll

2009-09-25 01:36:13 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2009-09-25 01:35:31 135680 ----a-w- c:\windows\system32\XpsRasterService.dll

2009-09-25 01:33:25 195584 ----a-w- c:\windows\system32\dxdiagn.dll

2009-09-25 01:33:15 829440 ----a-w- c:\windows\system32\d3d10warp.dll

2009-09-25 01:33:01 369664 ----a-w- c:\windows\system32\WMPhoto.dll

2009-09-25 01:32:59 252928 ----a-w- c:\windows\system32\dxdiag.exe

2009-09-25 01:31:53 519680 ----a-w- c:\windows\system32\d3d11.dll

2009-09-25 01:31:26 486912 ----a-w- c:\windows\system32\d3d10level9.dll

2009-09-25 01:31:21 161280 ----a-w- c:\windows\system32\d3d10_1.dll

2009-09-25 01:31:19 218112 ----a-w- c:\windows\system32\d3d10_1core.dll

2009-09-25 01:31:16 1030144 ----a-w- c:\windows\system32\d3d10.dll

2009-09-25 01:31:15 828928 ----a-w- c:\windows\system32\d2d1.dll

2009-09-25 01:30:23 481792 ----a-w- c:\windows\system32\dxgi.dll

2009-09-25 01:30:23 190464 ----a-w- c:\windows\system32\d3d10core.dll

2009-09-25 01:27:04 793088 ----a-w- c:\windows\system32\FntCache.dll

2009-09-25 01:27:04 37888 ----a-w- c:\windows\system32\cdd.dll

2009-09-25 01:27:04 1064448 ----a-w- c:\windows\system32\DWrite.dll

2009-09-24 22:54:55 258048 ----a-w- c:\windows\system32\winspool.drv

2009-09-24 22:54:53 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe

2009-09-24 22:54:52 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll

2009-09-10 16:48:01 218624 ----a-w- c:\windows\system32\msv1_0.dll

2009-09-10 14:59:26 8147456 ----a-w- c:\windows\system32\wmploc.DLL

2009-09-10 14:58:28 310784 ----a-w- c:\windows\system32\unregmp2.exe

2009-09-04 11:41:59 60928 ----a-w- c:\windows\system32\msasn1.dll

2008-07-02 03:28:38 61440 ----a-w- c:\program files\common files\CPInstallAction.dll

2008-05-22 17:35:54 51962 ----a-w- c:\program files\common files\banner.jpg

2008-04-16 11:15:37 37390 ----a-w- c:\windows\inf\perflib\040c\perfd.dat

2008-04-16 11:15:37 37390 ----a-w- c:\windows\inf\perflib\040c\perfc.dat

2008-04-16 11:15:37 340236 ----a-w- c:\windows\inf\perflib\040c\perfi.dat

2008-04-16 11:15:37 340236 ----a-w- c:\windows\inf\perflib\040c\perfh.dat

2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini

2007-06-12 18:34:50 35822 ----a-w- c:\program files\common files\ASPG_icon.ico

2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

2004-08-09 21:30:22 40960 ----a-w- c:\program files\Uninstall_CDS.exe

============= FINISH: 23:22:30,50 ===============

Falkra · le 27 novembre 2009

Télécharge ce fichier :

http://www.duplexsecure.com/download/SPTDinst-v162-x86.exe

Exécute-le, et clique sur "uninstall" quand proposé.

Refais un scan Gmer ensuite, avec juste cochés :

A droite, coche Processes, Files , Modules et Services uniquement.

Connexion

Pas encore inscrit ?

[Résolu] Virus tdlcmd.dll impossible à supprimer

Messages recommandés

Maheva

Falkra

Maheva

Falkra

Maheva

Falkra

Maheva

Falkra

Maheva

Falkra

Rejoindre la conversation

En ligne récemment 0 membre est en ligne

Zebulon

Outils en ligne

Naviguer