
Recommended posts

Posted

Here is the report:

 

ComboFix 09-12-03.06 - Carole 07/12/2009 23:02.8.2 - x86

Microsoft® Windows Vista Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.3070.2135 [GMT 1:00]

Running from: c:\users\Carole\Desktop\ComboFix.exe

Command switches used :: c:\users\Carole\Desktop\CFscript.txt

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

 

FILE ::

"c:\windows\System32\tdlclk.dll"

"c:\windows\System32\tdlcmd.dll"

.

 

((((((((((((((((((((((((((((( Files Created From 2009-11-07 to 2009-12-07 ))))))))))))))))))))))))))))))))))))

.

 

2009-12-07 22:15 . 2009-12-07 22:19 -------- d-----w- c:\users\Carole\AppData\Local\temp

2009-12-07 22:15 . 2009-12-07 22:15 -------- d-----w- c:\users\Public\AppData\Local\temp

2009-12-07 22:15 . 2009-12-07 22:15 -------- d-----w- c:\users\Default\AppData\Local\temp

2009-12-04 17:17 . 2009-08-05 15:57 71040 ----a-w- c:\windows\system32\drivers\fsdfw.sys

2009-11-26 18:34 . 2009-10-29 09:17 2048 ----a-w- c:\windows\system32\tzres.dll

2009-11-25 17:14 . 2009-11-25 17:32 4096 d-----w- C:\UsbFix

2009-11-25 17:05 . 2009-11-26 12:23 -------- d-----w- C:\rsit

2009-11-24 19:34 . 2009-08-11 16:44 1401856 ----a-w- c:\windows\system32\msxml6.dll

2009-11-24 19:34 . 2009-08-11 16:44 1401856 ----a-w- c:\windows\system32\msxml6(126).dll

2009-11-24 19:34 . 2009-08-11 16:44 1248768 ----a-w- c:\windows\system32\msxml3.dll

2009-11-24 19:34 . 2009-08-11 16:44 1248768 ----a-w- c:\windows\system32\msxml3(124).dll

2009-11-18 17:48 . 2009-11-18 17:48 -------- d-----w- c:\program files\CCleaner

2009-11-18 10:35 . 2009-11-18 10:35 -------- d-----w- c:\users\Carole\AppData\Roaming\Auslogics

2009-11-18 10:34 . 2009-11-18 10:34 -------- d-----w- c:\program files\Auslogics

2009-11-16 21:08 . 2009-11-16 21:08 -------- d-----w- c:\program files\Windows Portable Devices

2009-11-16 21:00 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll

2009-11-16 21:00 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll

2009-11-16 21:00 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll

2009-11-16 20:58 . 2009-10-01 01:01 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll

2009-11-16 20:58 . 2009-10-01 01:02 2537472 ----a-w- c:\windows\system32\wpdshext.dll

2009-11-16 20:58 . 2009-10-01 01:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll

2009-11-16 20:58 . 2009-10-01 01:01 546816 ----a-w- c:\windows\system32\wpd_ci.dll

2009-11-16 20:58 . 2009-10-01 01:02 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll

2009-11-16 20:58 . 2009-10-01 01:01 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll

2009-11-16 20:58 . 2009-10-01 01:01 350208 ----a-w- c:\windows\system32\WPDSp.dll

2009-11-16 20:58 . 2009-10-01 01:01 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll

2009-11-16 20:58 . 2009-10-01 01:01 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll

2009-11-16 20:56 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll

2009-11-16 20:56 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll

2009-11-16 20:56 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll

2009-11-16 19:20 . 2009-11-16 19:20 -------- d-----w- c:\users\Carole\AppData\Roaming\Malwarebytes

2009-11-16 19:20 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-11-16 19:20 . 2009-11-29 17:36 4096 d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-11-16 19:20 . 2009-11-16 19:20 -------- d-----w- c:\progra~2\Malwarebytes

2009-11-16 19:20 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-11-13 20:00 . 2009-08-05 15:57 35680 ----a-w- c:\windows\system32\drivers\fses.sys

2009-11-11 10:07 . 2009-08-14 13:27 2036736 ----a-w- c:\windows\system32\win32k.sys

2009-11-11 10:07 . 2009-08-10 12:35 355328 ----a-w- c:\windows\system32\WSDApi.dll

 

.

(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-12-07 22:17 . 2008-11-21 04:44 45056 ----a-w- c:\windows\system32\acovcnt.exe

2009-12-04 17:30 . 2009-05-30 19:28 33920 ----a-w- c:\windows\system32\drivers\fsbts.sys

2009-12-04 17:17 . 2008-04-16 11:16 750410 ----a-w- c:\windows\system32\perfh00C.dat

2009-12-04 17:17 . 2008-04-16 11:16 160668 ----a-w- c:\windows\system32\perfc00C.dat

2009-12-04 17:15 . 2009-04-12 13:59 4096 d-----w- c:\program files\Orange

2009-12-02 21:09 . 2009-01-20 21:38 27934 ----a-w- c:\progra~2\nvModes.dat

2009-11-26 13:41 . 2008-11-21 04:37 -------- d-----w- c:\progra~2\P4G

2009-11-26 13:41 . 2009-04-22 08:50 4096 d-----w- c:\program files\Bonjour

2009-11-26 13:41 . 2008-11-21 04:32 4096 d-----w- c:\program files\ATKGFNEX

2009-11-26 13:41 . 2008-11-21 04:25 4096 d-----w- c:\program files\ASUS

2009-11-26 13:41 . 2008-11-21 04:05 -------- d-----w- c:\program files\ATKOSD2

2009-11-26 13:41 . 2008-11-21 04:05 8192 d-----w- c:\program files\ATK Hotkey

2009-11-26 13:41 . 2008-11-21 02:36 12288 d-----w- c:\program files\Common Files\LightScribe

2009-11-18 17:38 . 2009-01-21 13:04 4096 d-----w- c:\program files\Windows Live

2009-11-16 21:08 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat

2009-11-16 21:06 . 2009-11-16 21:06 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf

2009-11-13 18:34 . 2009-01-20 21:50 -------- d-----w- c:\program files\Securitoo

2009-11-12 10:10 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail

2009-11-12 09:52 . 2008-11-21 02:22 65536 d-----w- c:\progra~2\Microsoft Help

2009-11-05 15:24 . 2009-01-20 19:52 131160 ----a-w- c:\users\Carole\AppData\Local\GDIPFONTCACHEV1.DAT

2009-11-05 14:00 . 2009-10-09 16:36 -------- d-----w- c:\progra~2\Pinnacle

2009-11-02 19:42 . 2009-10-02 18:31 195456 ------w- c:\windows\system32\MpSigStub.exe

2009-11-02 07:44 . 2009-11-02 07:43 4096 d-----w- c:\program files\iTunes

2009-11-02 07:43 . 2009-11-02 07:43 -------- d-----w- c:\program files\iPod

2009-11-02 07:43 . 2009-04-22 08:44 -------- d-----w- c:\program files\Common Files\Apple

2009-10-23 17:17 . 2009-10-22 13:19 -------- d-----w- c:\users\Carole\AppData\Roaming\proDAD

2009-10-22 13:16 . 2008-11-21 02:36 12288 d--h--w- c:\program files\InstallShield Installation Information

2009-10-22 13:10 . 2009-10-22 13:10 -------- d-----w- c:\progra~2\Pinnacle Studio Ultimate

2009-10-11 03:17 . 2009-05-27 18:13 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-10-09 16:33 . 2009-10-09 16:32 -------- d-----w- c:\program files\Common Files\SureThing Shared

2009-10-09 16:31 . 2009-10-09 16:31 -------- d-----w- c:\progra~2\NOS

2009-10-09 16:31 . 2009-10-09 16:31 -------- d-----w- c:\program files\NOS

2009-10-08 18:51 . 2009-05-25 17:07 680 ----a-w- c:\users\Carole\AppData\Local\d3d9caps.dat

2009-10-08 18:45 . 2009-10-08 18:45 721904 ------w- c:\windows\system32\drivers\sptd.sys

2009-10-01 01:02 . 2009-11-16 20:59 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe

2009-10-01 01:02 . 2009-11-16 20:59 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll

2009-10-01 01:01 . 2009-11-16 20:59 81920 ----a-w- c:\windows\system32\wpdbusenum.dll

2009-09-25 02:10 . 2009-11-16 20:59 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll

2009-09-25 02:07 . 2009-11-16 20:59 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll

2009-09-25 02:04 . 2009-11-16 20:59 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll

2009-09-25 01:49 . 2009-11-16 20:59 1554432 ----a-w- c:\windows\system32\xpsservices.dll

2009-09-25 01:48 . 2009-11-16 20:59 351232 ----a-w- c:\windows\system32\XpsPrint.dll

2009-09-25 01:38 . 2009-11-16 20:59 847360 ----a-w- c:\windows\system32\OpcServices.dll

2009-09-25 01:36 . 2009-11-16 20:59 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2009-09-25 01:35 . 2009-11-16 20:59 135680 ----a-w- c:\windows\system32\XpsRasterService.dll

2009-09-25 01:33 . 2009-11-16 20:59 195584 ----a-w- c:\windows\system32\dxdiagn.dll

2009-09-25 01:33 . 2009-11-16 20:59 829440 ----a-w- c:\windows\system32\d3d10warp.dll

2009-09-25 01:33 . 2009-11-16 20:59 369664 ----a-w- c:\windows\system32\WMPhoto.dll

2009-09-25 01:32 . 2009-11-16 20:59 252928 ----a-w- c:\windows\system32\dxdiag.exe

2009-09-25 01:31 . 2009-11-16 20:59 519680 ----a-w- c:\windows\system32\d3d11.dll

2009-09-25 01:31 . 2009-11-16 20:59 486912 ----a-w- c:\windows\system32\d3d10level9.dll

2009-09-25 01:31 . 2009-11-16 20:59 161280 ----a-w- c:\windows\system32\d3d10_1.dll

2009-09-25 01:31 . 2009-11-16 20:59 218112 ----a-w- c:\windows\system32\d3d10_1core.dll

2009-09-25 01:31 . 2009-11-16 20:59 1030144 ----a-w- c:\windows\system32\d3d10.dll

2009-09-25 01:31 . 2009-11-16 20:59 828928 ----a-w- c:\windows\system32\d2d1.dll

2009-09-25 01:30 . 2009-11-16 20:59 190464 ----a-w- c:\windows\system32\d3d10core.dll

2009-09-25 01:30 . 2009-11-16 20:59 481792 ----a-w- c:\windows\system32\dxgi.dll

2009-09-25 01:27 . 2009-11-16 20:59 634880 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2009-09-25 01:27 . 2009-11-16 20:59 37888 ----a-w- c:\windows\system32\cdd.dll

2009-09-25 01:27 . 2009-11-16 20:59 793088 ----a-w- c:\windows\system32\FntCache.dll

2009-09-25 01:27 . 2009-11-16 20:59 1064448 ----a-w- c:\windows\system32\DWrite.dll

2009-09-24 22:54 . 2009-11-16 20:59 258048 ----a-w- c:\windows\system32\winspool.drv

2009-09-24 22:54 . 2009-11-16 20:59 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe

2009-09-24 22:54 . 2009-11-16 20:59 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll

2009-09-14 09:29 . 2009-10-14 18:28 144896 ----a-w- c:\windows\system32\drivers\srv2.sys

2009-09-10 16:48 . 2009-10-14 18:46 218624 ----a-w- c:\windows\system32\msv1_0.dll

2009-09-10 14:59 . 2009-10-28 07:52 8147456 ----a-w- c:\windows\system32\wmploc.DLL

2009-09-10 14:58 . 2009-10-28 07:52 310784 ----a-w- c:\windows\system32\unregmp2.exe

2008-07-02 03:28 . 2008-07-02 03:28 61440 ----a-w- c:\program files\Common Files\CPInstallAction.dll

2008-05-22 17:35 . 2008-05-22 17:35 51962 ----a-w- c:\program files\Common Files\banner.jpg

2007-06-12 18:34 . 2007-06-12 18:34 35822 ----a-w- c:\program files\Common Files\ASPG_icon.ico

2004-08-09 21:30 . 2009-06-17 17:18 40960 ----a-w- c:\program files\Uninstall_CDS.exe

.

 

((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]

@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"

[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]

2007-06-02 01:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-26 92704]

"HControlUser"="c:\program files\ATK Hotkey\HcontrolUser.exe" [2008-01-12 98304]

"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2008-01-23 7766016]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]

"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMedia.exe" [2008-06-25 159744]

"ASUS Camera ScreenSaver"="c:\windows\AsScrProlog.exe" [2008-11-21 47672]

"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2008-11-21 33136]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"SystrayORAHSS"="c:\program files\Orange\Systray\SystrayApp.exe" [2007-09-25 94208]

"ORAHSSSessionManager"="c:\program files\Orange\SessionManager\SessionManager.exe" [2007-09-25 102400]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

"F-Secure Manager"="c:\program files\Orange\Antivirus Firewall\Common\FSM32.EXE" [2009-08-05 199264]

"F-Secure TNB"="c:\program files\Orange\Antivirus Firewall\FSGUI\TNBUtil.exe" [2009-08-05 2349664]

"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-08-12 6265376]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"VistaSp2"=hex(b):01,2c,9a,f6,48,18,ca,01

 

R0 fsbts;fsbts;c:\windows\System32\drivers\fsbts.sys [30/05/2009 20:28 33920]

R0 lullaby;lullaby;c:\windows\System32\drivers\lullaby.sys [21/11/2008 05:30 15416]

R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys [04/12/2009 18:16 68064]

R1 FSES;F-Secure Email Scanning Driver;c:\windows\System32\drivers\fses.sys [13/11/2009 21:00 35680]

R1 FSFW;F-Secure Firewall Driver;c:\windows\System32\drivers\fsdfw.sys [04/12/2009 18:17 71040]

R1 fsvista;F-Secure Vista Support Driver;c:\program files\Orange\Antivirus Firewall\Anti-Virus\minifilter\fsvista.sys [04/12/2009 18:15 12384]

R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Orange\Antivirus Firewall\Anti-Virus\minifilter\fsgk.sys [04/12/2009 18:15 101496]

R3 FSORSPClient;F-Secure ORSP Client;c:\program files\Orange\Antivirus Firewall\ORSP Client\fsorsp.exe [04/12/2009 18:16 55936]

R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\System32\drivers\SiSGB6.sys [16/11/2007 05:09 48128]

S3 FontCache;Service de cache de police Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21/01/2008 03:23 21504]

S3 ICScsiSV;Image Converter SCSI Service;c:\program files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe [23/02/2009 15:25 75952]

S3 IcVzMonLauncher;IcVzMonLauncher;c:\program files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe [23/02/2009 15:25 67760]

S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\System32\drivers\PCAMp50.sys [12/04/2009 15:03 28224]

S4 F-Secure Filter;F-Secure File System Filter;c:\program files\Orange\Antivirus Firewall\Anti-Virus\win2k\fsfilter.sys [04/12/2009 18:15 39776]

S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\Orange\Antivirus Firewall\Anti-Virus\win2k\fsrec.sys [04/12/2009 18:15 25184]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

getPlusHelper REG_MULTI_SZ getPlusHelper

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

"c:\program files\Common Files\LightScribe\LSRunOnce.exe"

.

Contents of the 'Scheduled Tasks' folder

 

2009-12-07 c:\windows\Tasks\User_Feed_Synchronization-{91283F18-3F0E-457A-A007-2FA9F9DC6165}.job

- c:\windows\system32\msfeedssync.exe [2009-10-14 03:41]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.fr/

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

LSP: c:\program files\Orange\Antivirus Firewall\FSPS\program\FSLSP.DLL

Trusted Zone: orange.fr\www

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-12-07 23:18

Windows 6.0.6002 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

 

c:\windows\TEMP\TMP0000000855022F1356E67159 524288 bytes executable

C:\ADSM_PData_0150

 

scan completed successfully

hidden files: 2

 

**************************************************************************

 

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

 

device: opened successfully

user: MBR read successfully

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys halmacpi.dll >>UNKNOWN [0x85D231F8]<<

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\Disk -> CLASSPNP.SYS @ 0x8afabd24

\Driver\ACPI -> acpi.sys @ 0x82e12d68

\Driver\atapi -> 0x85d231f8

IoDeviceObjectType ->\Device\Harddisk0\DR0 ->Warning: possible MBR rootkit infection !

user & kernel MBR OK

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'winlogon.exe'(1096)

c:\program files\orange\antivirus firewall\hips\fshook32.dll

 

- - - - - - - > 'lsass.exe'(656)

c:\program files\orange\antivirus firewall\hips\fshook32.dll

 

- - - - - - - > 'Explorer.exe'(1256)

c:\program files\orange\antivirus firewall\hips\fshook32.dll

c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll

c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\nvvsvc.exe

c:\windows\system32\rundll32.exe

c:\program files\ASUS\ASUS Data Security Manager\ADSMSrv.exe

c:\windows\system32\WLANExt.exe

c:\program files\ATK Hotkey\ASLDRSrv.exe

c:\program files\ATKGFNEX\GFNEXSrv.exe

c:\program files\ASUS\SmartLogon\sensorsrv.exe

c:\program files\ATK Hotkey\Hcontrol.exe

c:\program files\ATK Hotkey\MsgTranAgt.exe

c:\program files\Wireless Console 2\wcourier.exe

c:\program files\ASUS\ASUS CopyProtect\aspg.exe

c:\program files\P4G\BatteryLife.exe

c:\program files\ASUS\Splendid\ACMON.exe

c:\windows\System32\ACEngSvr.exe

c:\program files\ATK Hotkey\ATKOSD.exe

c:\program files\ATK Hotkey\KBFiltr.exe

c:\program files\ATK Hotkey\WDC.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Orange\Antivirus Firewall\Anti-Virus\fsgk32st.exe

c:\program files\Orange\Antivirus Firewall\Common\FSMA32.EXE

c:\progra~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe

c:\program files\Orange\Antivirus Firewall\Anti-Virus\FSGK32.EXE

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Orange\Antivirus Firewall\Common\FSHDLL32.EXE

c:\program files\ASUS\NB Probe\SPM\spmgr.exe

c:\program files\Orange\Antivirus Firewall\Anti-Virus\fssm32.exe

c:\program files\Orange\Antivirus Firewall\FWES\Program\fsdfwd.exe

c:\program files\Orange\Antivirus Firewall\Anti-Virus\fsav32.exe

c:\windows\system32\wbem\unsecapp.exe

c:\program files\Windows Media Player\wmpnetwk.exe

.

**************************************************************************

.

Completion time: 2009-12-07 23:27 - machine was rebooted

ComboFix-quarantined-files.txt 2009-12-07 22:27

ComboFix2.txt 2009-12-04 17:05

 

Pre-Run: 80,045,527,040 bytes free

Post-Run: 80,127,156,224 bytes free

 

- - End Of File - - 789BEA36977F0436505266CB77E00CA2
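The part of that log that carries the real finding is the Gmer Stealth MBR detector section: both MBR reads come back clean ("user & kernel MBR OK"), but the dispatch of \Driver\atapi now points at 0x85d231f8, an address the tool could not map to any loaded driver image, and the same address shows up as the ">>UNKNOWN" entry in the called-modules chain. That pattern is a storage-driver hijack in memory rather than an overwritten boot sector, which is why the follow-up is to hash atapi.sys and the other storage miniport drivers on disk. As an added example, not part of the original post and not code from ComboFix or Gmer, this Python parser reads that section and separates the entries that resolve to a named driver image (Disk -> CLASSPNP.SYS, ACPI -> acpi.sys) from the one that resolves to nothing. The sample input is the detector output copied from the log above.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: the Gmer "Stealth MBR rootkit detector" section as it
# appears in the ComboFix log above (surrounding whitespace trimmed).
SAMPLE_MBR_SECTION = r"""
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys halmacpi.dll >>UNKNOWN [0x85D231F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x8afabd24
\Driver\ACPI -> acpi.sys @ 0x82e12d68
\Driver\atapi -> 0x85d231f8
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->Warning: possible MBR rootkit infection !
user & kernel MBR OK
"""

# "\Driver\NAME -> MODULE @ 0xADDR"  or  "\Driver\NAME -> 0xADDR" (no module)
HOOK_RE = re.compile(r"^\\Driver\\(\S+) -> (?:(\S+) @ )?(0x[0-9a-fA-F]+)\s*$")
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")


@dataclass
class Hook:
    driver: str            # driver object whose dispatch routine was examined
    module: Optional[str]  # image the routine resolves to; None = no loaded module
    address: int


@dataclass
class MbrReport:
    named_modules: List[str]      # modules in the call chain the tool could name
    unknown_addresses: List[int]  # code in the chain it could not map to a module
    hooks: List[Hook]
    warning: bool                 # the tool printed its "possible MBR rootkit" line
    mbr_sectors_ok: bool          # user-mode and kernel-mode MBR reads agree

    def hijacked(self) -> List[Hook]:
        """Hooks whose target lies outside every loaded driver image."""
        return [h for h in self.hooks
                if h.module is None or h.address in self.unknown_addresses]


def parse_mbr_section(text: str) -> MbrReport:
    named: List[str] = []
    unknown: List[int] = []
    hooks: List[Hook] = []
    warning = ok = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("called modules:"):
            rest = line.split(":", 1)[1]
            unknown = [int(a, 16) for a in UNKNOWN_RE.findall(rest)]
            named = UNKNOWN_RE.sub("", rest).split()
            continue
        m = HOOK_RE.match(line)
        if m:
            hooks.append(Hook(m.group(1), m.group(2), int(m.group(3), 16)))
        elif "possible MBR rootkit" in line:
            warning = True
        elif line == "user & kernel MBR OK":
            ok = True
    return MbrReport(named, unknown, hooks, warning, ok)


def triage(text: str) -> List[str]:
    """Human-readable verdicts for the section; empty list means nothing to flag."""
    rep = parse_mbr_section(text)
    verdicts = []
    for h in rep.hijacked():
        verdicts.append(f"\\Driver\\{h.driver} dispatch redirected to {h.address:#x}, "
                        "which is inside no loaded driver image")
    if rep.hijacked() and rep.mbr_sectors_ok:
        verdicts.append("MBR sectors read clean: the hook lives in a driver file or "
                        "kernel memory, not in the boot sector")
    return verdicts


if __name__ == "__main__":
    for v in triage(SAMPLE_MBR_SECTION):
        print(v)
```

Hooks that resolve to a named image are the layering the tool reports on any machine; the entry to act on is the one with no module, and the "MBR OK" lines tell you not to expect a fix from rewriting the boot sector alone.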

Posted

It looks like not everything has been removed.

 

Double-click OTL to start it. Make sure you have closed as many open windows as possible before doing what follows.

Under the "Custom Scan" box, copy and paste the contents of this CODE box:

 

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
/md5stop
CREATERESTOREPOINT

 

Click the "Quick Scan" button. Do not change any settings unless you are asked to. The scan will be quick.

When the scan finishes, Notepad will open with OTL.Txt and Extras.Txt. These are two report files, saved in the same place as the OTL.exe you downloaded.

 

Please copy and paste the contents of these files in your next reply.
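The /md5start ... /md5stop block asks OTL to report MD5 hashes for the listed files, so that the hash of c:\windows\System32\drivers\atapi.sys (the driver whose dispatch the detector above could not resolve) can be compared against a known-good value; the other names are the storage miniport drivers that the same family of rootkits patches on disk, plus the event-log and security DLLs. As an added example, not code from the post or from OTL, the Python below does that comparison offline and goes one step further: it walks a set of roots for each driver name, hashes every copy it finds, checks each against a baseline dictionary, and flags copies of the same name that disagree with each other (the copy in system32\drivers versus a backup in winsxs or a driver cache is a quick tell). The file contents, directory layout and baseline hashes in demo() are constructed for the demonstration and are not real driver hashes.

```python
import hashlib
import os
import shutil
import tempfile
from typing import Dict, Iterable, List, Tuple

# Subset of the /md5start ... /md5stop list from the post above.
DRIVER_NAMES = ["atapi.sys", "iaStor.sys", "eventlog.dll"]


def hash_file(path: str) -> Tuple[str, str]:
    """Return (md5, sha256) hex digests of a file, streamed in 64 KiB chunks.
    MD5 is what the OTL report lists; SHA-256 is kept for comparing against
    sources that no longer publish MD5."""
    md5, sha = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            md5.update(chunk)
            sha.update(chunk)
    return md5.hexdigest(), sha.hexdigest()


def find_copies(name: str, roots: Iterable[str]) -> List[str]:
    """Every file called `name` (case-insensitive) under any of `roots`."""
    hits: List[str] = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            hits.extend(os.path.join(dirpath, f) for f in files if f.lower() == name.lower())
    return sorted(hits)


def audit(names: Iterable[str], roots: Iterable[str],
          baseline: Dict[str, str]) -> Dict[str, List[str]]:
    """Compare each copy of each named file with the known-good MD5 in `baseline`.

    Per file name the notes record: file missing, MD5 mismatch, no baseline
    available, and copies of the same name whose hashes disagree."""
    roots = list(roots)
    findings: Dict[str, List[str]] = {}
    for name in names:
        notes: List[str] = []
        copies = find_copies(name, roots)
        if not copies:
            notes.append("not found (normal if that storage driver is not installed)")
        digests: Dict[str, str] = {}
        known = baseline.get(name.lower())
        for path in copies:
            md5, sha256 = hash_file(path)
            digests[path] = md5
            if known is None:
                notes.append(f"no baseline for {path} md5={md5} sha256={sha256}")
            elif md5 != known:
                notes.append(f"MD5 MISMATCH {path} md5={md5} expected={known}")
        if len(set(digests.values())) > 1:
            notes.append("copies differ: " + ", ".join(f"{p}={d[:8]}" for p, d in digests.items()))
        if notes:
            findings[name] = notes
    return findings


def demo() -> Dict[str, List[str]]:
    """Constructed scenario: a patched atapi.sys under System32\\drivers, a clean
    copy left behind under winsxs, a clean eventlog.dll, and no iaStor.sys."""
    clean_atapi = b"MZ clean atapi.sys (constructed, not a real driver)"
    patched_atapi = clean_atapi + b"\x90" * 16   # tail appended by the "infection"
    clean_eventlog = b"MZ clean eventlog.dll (constructed)"
    # Baseline = hashes of the clean contents. In practice these come from a
    # vendor catalogue or from the same file on a known-clean machine.
    baseline = {
        "atapi.sys": hashlib.md5(clean_atapi).hexdigest(),
        "eventlog.dll": hashlib.md5(clean_eventlog).hexdigest(),
    }
    root = tempfile.mkdtemp(prefix="md5audit_")
    try:
        windows = os.path.join(root, "Windows")
        drivers = os.path.join(windows, "System32", "drivers")
        winsxs = os.path.join(windows, "winsxs", "x86_atapi_backup")
        for d in (drivers, winsxs):
            os.makedirs(d)
        with open(os.path.join(drivers, "atapi.sys"), "wb") as f:
            f.write(patched_atapi)
        with open(os.path.join(winsxs, "atapi.sys"), "wb") as f:
            f.write(clean_atapi)
        with open(os.path.join(windows, "System32", "eventlog.dll"), "wb") as f:
            f.write(clean_eventlog)
        return audit(DRIVER_NAMES, [windows], baseline)
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    for name, notes in demo().items():
        print(name)
        for n in notes:
            print("   ", n)
```

A missing driver is only worth chasing when the hardware uses it (iaStor.sys on a machine with no Intel storage controller is expected to be absent), which is why that note is worded as informational rather than as a mismatch; a mismatch plus divergent copies is the signal that the on-disk driver was rewritten.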

Posted

Hello,

Here is the OTL.txt report.

However, I do not have an Extras.txt report.

 

 

OTL logfile created on: 09/12/2009 14:12:51 - Run 3

OTL by OldTimer - Version 3.1.11.4 Folder = C:\Users\Carole\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18828)

Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

 

2,00 Gb Total Physical Memory | 1,77 Gb Available Physical Memory | 88,74% Memory free

4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 149,04 Gb Total Space | 78,03 Gb Free Space | 52,36% Space Free | Partition Type: NTFS

Drive D: | 139,28 Gb Total Space | 133,76 Gb Free Space | 96,04% Space Free | Partition Type: NTFS

Drive E: | 3,74 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

F: Drive not present or media not loaded

Drive G: | 596,02 Gb Total Space | 243,93 Gb Free Space | 40,93% Space Free | Partition Type: FAT32

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: ORDI-DE-CAROLE

Current User Name: Carole

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 14 Days

Output = Standard

Quick Scan

 

========== Processes (SafeList) ==========

 

PRC - [2009/12/04 18:30:24 | 00,347,776 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Orange\Antivirus Firewall\Anti-Virus\fsav32.exe

PRC - [2009/12/04 18:30:24 | 00,055,936 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Orange\Antivirus Firewall\ORSP Client\fsorsp.exe

PRC - [2009/12/04 18:29:23 | 00,599,168 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Orange\Antivirus Firewall\Anti-Virus\fssm32.exe

PRC - [2009/12/04 18:29:23 | 00,476,800 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Orange\Antivirus Firewall\Anti-Virus\FSGK32.EXE

PRC - [2009/12/03 10:01:34 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Users\Carole\Desktop\OTL.exe

PRC - [2009/08/05 16:58:52 | 00,186,976 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Orange\Antivirus Firewall\Common\FSMA32.EXE

PRC - [2009/08/05 16:58:50 | 00,199,264 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Orange\Antivirus Firewall\Common\FSM32.EXE

PRC - [2009/08/05 16:58:50 | 00,088,672 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Orange\Antivirus Firewall\Common\FSHDLL32.EXE

PRC - [2009/08/05 16:57:20 | 00,522,848 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Orange\Antivirus Firewall\FWES\Program\fsdfwd.exe

PRC - [2009/08/05 16:56:10 | 00,215,648 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Orange\Antivirus Firewall\Anti-Virus\fsgk32st.exe

PRC - [2009/05/29 12:41:26 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

PRC - [2009/04/11 07:28:08 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe

PRC - [2009/04/11 07:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe

PRC - [2008/11/21 05:38:40 | 00,033,136 | ---- | M] () -- C:\Windows\ASScrPro.exe

PRC - [2008/08/13 00:21:11 | 06,265,376 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe

PRC - [2008/07/09 18:14:06 | 00,191,032 | ---- | M] (ATK) -- C:\Program Files\P4G\BatteryLife.exe

PRC - [2008/06/26 06:58:59 | 00,196,608 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe

PRC - [2008/06/25 04:01:08 | 00,159,744 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Media\DMedia.exe

PRC - [2008/06/19 21:18:12 | 00,154,168 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe

PRC - [2008/06/18 07:10:24 | 00,297,528 | ---- | M] (ASUS) -- C:\Program Files\ASUS\SmartLogon\sensorsrv.exe

PRC - [2008/06/09 19:21:58 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe

PRC - [2008/06/09 19:16:32 | 02,363,392 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

PRC - [2008/06/04 02:29:08 | 00,851,968 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe

PRC - [2008/02/02 00:17:26 | 00,233,472 | ---- | M] (ATK0100) -- C:\Program Files\ATK Hotkey\Hcontrol.exe

PRC - [2008/01/24 00:34:42 | 07,766,016 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe

PRC - [2008/01/23 19:51:28 | 00,151,552 | ---- | M] () -- C:\Program Files\ATK Hotkey\WDC.exe

PRC - [2008/01/21 03:25:33 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe

PRC - [2008/01/21 03:23:32 | 01,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe

PRC - [2008/01/12 07:40:10 | 00,098,304 | ---- | M] () -- C:\Program Files\ATK Hotkey\HControlUser.exe

PRC - [2007/12/06 11:12:57 | 00,095,528 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

PRC - [2007/12/06 11:12:43 | 01,029,416 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

PRC - [2007/12/04 19:57:06 | 02,486,272 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe

PRC - [2007/11/30 20:20:44 | 00,051,768 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe

PRC - [2007/11/05 04:48:06 | 00,106,496 | ---- | M] () -- C:\Program Files\ATK Hotkey\MsgTranAgt.exe

PRC - [2007/10/03 06:53:00 | 00,094,208 | ---- | M] () -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe

PRC - [2007/09/25 19:08:58 | 00,094,208 | ---- | M] (France Telecom SA) -- C:\Program Files\Orange\Systray\SystrayApp.exe

PRC - [2007/09/25 18:58:46 | 00,598,016 | ---- | M] (France Telecom SA) -- C:\Program Files\Orange\Launcher\Launcher.exe

PRC - [2007/09/25 18:33:26 | 00,716,800 | ---- | M] (France Telecom SA) -- C:\Program Files\Orange\connectivity\connectivitymanager.exe

PRC - [2007/09/25 18:32:00 | 00,028,672 | ---- | M] (France Telecom SA) -- C:\Program Files\Orange\connectivity\CoreCom\OraConfigRecover.exe

PRC - [2007/09/25 18:31:52 | 00,360,448 | ---- | M] (France Telecom SA) -- C:\Program Files\Orange\connectivity\CoreCom\CoreCom.exe

PRC - [2007/09/25 18:28:12 | 00,065,536 | ---- | M] (France Telecom SA) -- C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe

PRC - [2007/09/25 18:27:50 | 00,065,536 | ---- | M] (France Telecom SA) -- C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe

PRC - [2007/09/25 18:24:56 | 00,090,112 | ---- | M] (France Telecom SA) -- C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe

PRC - [2007/08/15 20:20:16 | 00,106,496 | ---- | M] () -- C:\Program Files\ATK Hotkey\KBFiltr.exe

PRC - [2007/08/08 09:08:40 | 00,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe

PRC - [2007/08/03 21:24:54 | 00,125,496 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

PRC - [2007/07/06 01:53:44 | 01,040,384 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe

PRC - [2007/05/18 11:31:16 | 00,073,728 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe

PRC - [2005/07/07 00:43:42 | 00,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\System32\ACEngSvr.exe

 

 

========== Modules (SafeList) ==========

 

MOD - [2009/12/03 10:01:34 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Users\Carole\Desktop\OTL.exe

MOD - [2009/08/05 16:58:30 | 00,330,336 | ---- | M] () -- \\?\c:\program files\orange\antivirus firewall\hips\fshook32.dll

MOD - [2009/04/11 07:21:38 | 01,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll

 

 

========== Win32 Services (SafeList) ==========

 

SRV - [2009/12/04 18:30:24 | 00,055,936 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Orange\Antivirus Firewall\ORSP Client\fsorsp.exe -- (FSORSPClient)

SRV - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)

SRV - [2009/09/25 02:27:04 | 00,793,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll -- (FontCache)

SRV - [2009/09/23 15:36:06 | 00,051,168 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®

SRV - [2009/08/05 16:58:52 | 00,186,976 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Orange\Antivirus Firewall\Common\FSMA32.EXE -- (FSMA)

SRV - [2009/08/05 16:57:20 | 00,522,848 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Orange\Antivirus Firewall\FWES\Program\fsdfwd.exe -- (FSDFWD)

SRV - [2009/08/05 16:56:10 | 00,215,648 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Orange\Antivirus Firewall\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)

SRV - [2009/05/29 12:41:26 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)

SRV - [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)

SRV - [2008/06/26 06:58:59 | 00,196,608 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe -- (nvsvc)

SRV - [2008/06/09 19:21:58 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)

SRV - [2008/01/21 03:23:32 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)

SRV - [2007/10/03 06:53:00 | 00,094,208 | ---- | M] () -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)

SRV - [2007/09/25 18:27:50 | 00,065,536 | ---- | M] (France Telecom SA) -- C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe -- (FTRTSVC)

SRV - [2007/08/08 09:08:40 | 00,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)

SRV - [2007/08/03 21:24:54 | 00,125,496 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)

SRV - [2007/05/18 11:31:16 | 00,073,728 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)

SRV - [2007/02/20 14:53:06 | 00,075,320 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)

SRV - [2007/02/20 14:53:02 | 00,112,184 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe -- (SonicStage Back-End Service)

SRV - [2007/01/26 11:39:06 | 00,075,952 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe -- (ICScsiSV)

SRV - [2007/01/26 11:38:48 | 00,067,760 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe -- (IcVzMonLauncher)

SRV - [2007/01/26 11:38:48 | 00,043,184 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMon.exe -- (Image Converter video recording monitor for VAIO Entertainment)

SRV - [2006/12/14 02:21:20 | 00,045,056 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)

SRV - [2006/12/14 02:02:08 | 00,069,632 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)

SRV - [2006/12/14 01:46:16 | 00,057,344 | ---- | M] () -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)

SRV - [2006/11/02 13:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart)

SRV - [2006/10/26 22:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

SRV - [2005/11/14 01:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\URLSearchHook: {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll ()

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

FF - HKLM\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: C:\Program Files\Orange\Antivirus Firewall\NRS\litmus-ff@f-secure.com [2009/12/04 18:30:32 | 00,000,000 | ---D | M]

O1 HOSTS File: (27 bytes) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\Orange\Antivirus Firewall\NRS\iescript\baselitmus.dll (F-Secure Corporation)

O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.

O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\Orange\Antivirus Firewall\NRS\iescript\baselitmus.dll (F-Secure Corporation)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe ()

O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe ()

O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUS)

O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ATKOSD2\ATKOSD2.exe ()

O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files\Orange\Antivirus Firewall\Common\FSM32.EXE (F-Secure Corporation)

O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files\Orange\Antivirus Firewall\FSGUI\TNBUtil.exe (F-Secure Corporation)

O4 - HKLM..\Run: [HControlUser] C:\Program Files\ATK Hotkey\HcontrolUser.exe ()

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe (France Telecom SA)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)

O4 - HKLM..\Run: [systrayORAHSS] C:\Program Files\Orange\Systray\SystrayApp.exe (France Telecom SA)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)

O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra Button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Orange\Antivirus Firewall\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Orange\Antivirus Firewall\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Orange\Antivirus Firewall\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Orange\Antivirus Firewall\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Orange\Antivirus Firewall\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Orange\Antivirus Firewall\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Orange\Antivirus Firewall\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Orange\Antivirus Firewall\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Orange\Antivirus Firewall\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Orange\Antivirus Firewall\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Program Files\Orange\Antivirus Firewall\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O15 - HKCU\..Trusted Domains: orange.fr ([www] http in Sites de confiance)

O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 22:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2009/11/25 18:27:01 | 00,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2009/11/25 18:27:01 | 00,000,000 | R--D | M] - D:\autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2009/11/25 18:27:04 | 00,000,000 | R--D | M] - G:\autorun.inf -- [ FAT32 ]

O34 - HKLM BootExecute: (autocheck) - File not found

O34 - HKLM BootExecute: (*) - File not found

O35 - comfile [open] -- "%1" %*

O35 - exefile [open] -- "%1" %*

 

NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - C:\Windows\System32\ias [2008/01/21 03:34:27 | 00,000,000 | ---D | M]

NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)

NetSvcs: Nla - File not found

NetSvcs: Ntmssvc - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - File not found

NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found

OTL cannot create restorepoints on Vista OSs!

 

========== Files/Folders - Created Within 14 Days ==========

 

[2009/12/07 23:27:59 | 00,000,000 | ---D | C] -- C:\Windows\temp

[2009/12/07 23:27:59 | 00,000,000 | ---D | C] -- C:\Users\Carole\AppData\Local\temp

[2009/12/07 23:17:55 | 00,000,000 | ---D | C] -- C:\$RECYCLE.BIN

[2009/12/07 23:17:55 | 00,000,000 | ---D | C] -- \$RECYCLE.BIN

[2009/12/04 18:17:15 | 00,071,040 | ---- | C] (F-Secure Corporation) -- C:\Windows\System32\drivers\fsdfw.sys

[2009/12/04 17:41:23 | 00,000,000 | ---D | C] -- C:\Qoobox

[2009/12/04 17:41:23 | 00,000,000 | ---D | C] -- \Qoobox

[2009/12/04 17:32:43 | 00,000,000 | ---D | C] -- C:\Avenger

[2009/12/04 17:32:43 | 00,000,000 | ---D | C] -- \Avenger

[2009/12/03 10:01:22 | 00,535,552 | ---- | C] (OldTimer Tools) -- C:\Users\Carole\Desktop\OTL.exe

[2009/12/02 22:15:14 | 00,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Users\Carole\Desktop\Carole.exe

[2009/12/02 21:41:48 | 00,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Users\Carole\Desktop\HiJackThis.exe

[2009/11/25 18:27:01 | 00,000,000 | R--D | C] -- C:\autorun.inf

[2009/11/25 18:27:01 | 00,000,000 | R--D | C] -- \autorun.inf

[2009/11/25 18:14:47 | 00,000,000 | ---D | C] -- C:\UsbFix

[2009/11/25 18:14:47 | 00,000,000 | ---D | C] -- \UsbFix

[2009/11/25 18:05:17 | 00,000,000 | ---D | C] -- C:\rsit

[2009/11/25 18:05:17 | 00,000,000 | ---D | C] -- \rsit

[2008/06/03 22:41:51 | 00,015,928 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys

[2007/07/05 01:28:51 | 00,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll

[1 C:\Users\Carole\Documents\*.tmp files -> C:\Users\Carole\Documents\*.tmp -> ]

 

========== Files - Modified Within 14 Days ==========

 

[2009/12/09 14:12:52 | 03,145,728 | -HS- | M] () -- C:\Users\Carole\NTUSER.DAT

[2009/12/09 13:30:08 | 00,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2009/12/09 13:30:08 | 00,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2009/12/09 13:30:01 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2009/12/09 13:30:00 | 00,027,934 | ---- | M] () -- C:\ProgramData\nvModes.001

[2009/12/09 13:29:54 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2009/12/08 23:09:12 | 00,524,288 | -HS- | M] () -- C:\Users\Carole\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms

[2009/12/08 23:09:12 | 00,065,536 | -HS- | M] () -- C:\Users\Carole\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf

[2009/12/08 23:08:49 | 01,688,937 | -H-- | M] () -- C:\Users\Carole\AppData\Local\IconCache.db

[2009/12/08 21:26:59 | 02,405,320 | R--- | M] () -- C:\Users\Carole\Documents\Money Sauvegarde.mbf

[2009/12/08 21:26:55 | 00,011,476 | ---- | M] () -- C:\Users\Carole\Documents\Budget 2010.xlsx

[2009/12/08 18:00:27 | 00,045,767 | ---- | M] () -- C:\Users\Carole\Documents\EdT Carole.xlsx

[2009/12/08 17:18:43 | 00,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{91283F18-3F0E-457A-A007-2FA9F9DC6165}.job

[2009/12/07 23:18:39 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini

[2009/12/07 23:17:45 | 00,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2009/12/07 23:17:32 | 00,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe

[2009/12/04 18:41:10 | 00,002,212 | ---- | M] () -- C:\Users\Public\Desktop\Anti-virus firewall.lnk

[2009/12/04 18:30:46 | 00,033,920 | ---- | M] () -- C:\Windows\System32\drivers\fsbts.sys

[2009/12/04 18:17:20 | 01,727,728 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

[2009/12/04 18:17:20 | 00,750,410 | ---- | M] () -- C:\Windows\System32\perfh00C.dat

[2009/12/04 18:17:20 | 00,662,450 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2009/12/04 18:17:20 | 00,160,668 | ---- | M] () -- C:\Windows\System32\perfc00C.dat

[2009/12/04 18:17:20 | 00,134,270 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2009/12/04 17:23:59 | 03,579,965 | R--- | M] () -- C:\Users\Carole\Desktop\ComboFix.exe

[2009/12/03 10:02:00 | 00,000,290 | RHS- | M] () -- C:\ProgramData\ntuser.pol

[2009/12/03 10:01:34 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Users\Carole\Desktop\OTL.exe

[2009/12/03 00:19:39 | 00,000,204 | ---- | M] () -- C:\infect.fstmp

[2009/12/03 00:14:00 | 00,000,000 | ---- | M] () -- C:\error.fstmp

[2009/12/02 22:14:27 | 00,781,909 | ---- | M] () -- C:\Users\Carole\Desktop\RSIT.exe

[2009/12/02 22:09:39 | 00,027,934 | ---- | M] () -- C:\ProgramData\nvModes.dat

[2009/12/02 21:41:52 | 00,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Users\Carole\Desktop\HiJackThis.exe

[2009/12/02 21:41:52 | 00,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Users\Carole\Desktop\Carole.exe

[2009/12/02 19:35:55 | 00,810,414 | ---- | M] () -- C:\Users\Carole\Desktop\UNINSTALLATION_TOOL.exe

[2009/12/01 20:57:50 | 00,047,616 | ---- | M] () -- C:\Users\Carole\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/11/30 16:55:10 | 00,010,787 | ---- | M] () -- C:\Users\Carole\Documents\Objets En Vente.xlsx

[2009/11/29 18:36:37 | 00,000,825 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2009/11/28 14:19:16 | 00,436,544 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2009/11/27 20:35:23 | 00,000,000 | ---- | M] () -- C:\Users\Carole\defogger_renable

[2009/11/27 18:48:28 | 00,013,916 | ---- | M] () -- C:\Users\Carole\Documents\Budget.xlsx

[2009/11/26 14:41:36 | 03,145,728 | -HS- | M] () -- C:\Users\Carole\ntuser.dat_previous

[1 C:\Users\Carole\Documents\*.tmp files -> C:\Users\Carole\Documents\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2009/12/08 21:26:55 | 00,011,476 | ---- | C] () -- C:\Users\Carole\Documents\Budget 2010.xlsx

[2009/12/07 23:27:56 | 00,019,363 | ---- | C] () -- \ComboFix.txt

[2009/12/04 18:27:43 | 00,002,212 | ---- | C] () -- C:\Users\Public\Desktop\Anti-virus firewall.lnk

[2009/12/04 17:30:55 | 00,001,938 | ---- | C] () -- \avenger.txt

[2009/12/04 17:25:10 | 00,731,136 | ---- | C] () -- C:\Users\Carole\Desktop\avenger.exe

[2009/12/04 17:23:56 | 03,579,965 | R--- | C] () -- C:\Users\Carole\Desktop\ComboFix.exe

[2009/12/02 22:21:34 | 00,292,352 | ---- | C] () -- C:\Users\Carole\Desktop\gmer.exe

[2009/12/02 22:14:26 | 00,781,909 | ---- | C] () -- C:\Users\Carole\Desktop\RSIT.exe

[2009/12/02 19:35:50 | 00,810,414 | ---- | C] () -- C:\Users\Carole\Desktop\UNINSTALLATION_TOOL.exe

[2009/11/27 20:35:23 | 00,000,000 | ---- | C] () -- C:\Users\Carole\defogger_renable

[2009/11/25 18:44:56 | 00,000,159 | ---- | C] () -- \VundoFix.txt

[2009/11/25 18:19:00 | 00,008,313 | ---- | C] () -- \UsbFix.txt

[2009/10/22 14:18:39 | 00,000,000 | ---- | C] () -- C:\Windows\Graffiti5.2Pin.ini

[2009/10/22 14:18:38 | 00,237,568 | ---- | C] () -- C:\Windows\System32\qtmlClient.dll

[2009/10/08 19:45:12 | 00,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys

[2009/08/18 00:54:08 | 00,000,204 | ---- | C] () -- \infect.fstmp

[2009/08/18 00:54:08 | 00,000,000 | ---- | C] () -- \error.fstmp

[2009/08/07 03:03:00 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2009/08/03 14:07:42 | 00,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll

[2009/07/24 00:21:22 | 00,029,239 | ---- | C] () -- C:\Users\Carole\AppData\Roaming\UserTile.png

[2009/06/17 18:18:26 | 00,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe

[2009/05/30 20:28:19 | 00,033,920 | ---- | C] () -- C:\Windows\System32\drivers\fsbts.sys

[2009/05/25 18:07:08 | 00,000,680 | ---- | C] () -- C:\Users\Carole\AppData\Local\d3d9caps.dat

[2009/05/09 13:37:48 | 00,000,094 | ---- | C] () -- C:\Users\Carole\AppData\Local\fusioncache.dat

[2009/03/31 11:30:40 | 00,000,000 | RHS- | C] () -- \MSDOS.SYS

[2009/03/31 11:30:40 | 00,000,000 | RHS- | C] () -- \IO.SYS

[2009/03/05 11:19:09 | 00,000,021 | ---- | C] () -- \NIS2008.TXT

[2009/02/23 15:23:20 | 00,532,480 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Sony.dll

[2009/01/21 18:17:46 | 00,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll

[2009/01/21 18:17:22 | 00,795,648 | ---- | C] () -- C:\Windows\System32\xvidcore.dll

[2009/01/21 18:17:22 | 00,130,048 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll

[2009/01/21 18:17:20 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll

[2009/01/21 18:17:13 | 00,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll

[2009/01/21 18:17:13 | 00,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest

[2009/01/21 13:43:28 | 00,047,616 | ---- | C] () -- C:\Users\Carole\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/01/21 12:41:06 | 35,341,14816 | -HS- | C] () --

[2009/01/21 12:20:18 | 00,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini

[2008/11/22 20:25:18 | 00,000,105 | ---- | C] () -- \Pass.txt

[2008/11/21 06:00:23 | 00,019,069 | ---- | C] () -- \devlist.txt

[2008/11/21 05:57:03 | 00,000,009 | ---- | C] () -- \Finish.log

[2008/11/21 05:44:49 | 00,000,024 | ---- | C] () -- C:\Windows\System32\ChkMail.ini

[2008/11/21 05:14:04 | 00,000,159 | ---- | C] () -- \Setup.log

[2008/11/21 05:11:35 | 00,000,646 | ---- | C] () -- \RHDSetup.log

[2008/11/21 04:34:44 | 00,000,481 | ---- | C] () -- \igoogle_log.txt

[2008/11/21 04:06:02 | 00,000,021 | ---- | C] () -- \V552.txt

[2008/11/21 03:56:15 | 00,000,166 | ---- | C] () -- \SumHidd.txt

[2008/11/21 03:55:30 | 00,000,098 | ---- | C] () -- \SumOS.txt

[2008/10/01 06:09:42 | 00,000,021 | ---- | C] () -- \msapp2.LOG

[2008/09/24 18:54:29 | 01,048,576 | RH-- | C] () -- \X71SLAS.BIN

[2008/09/08 21:19:49 | 00,000,027 | ---- | C] () -- \Driver.20

[2008/07/02 04:28:38 | 00,061,440 | ---- | C] () -- C:\Program Files\Common Files\CPInstallAction.dll

[2008/06/02 17:51:13 | 00,000,022 | ---- | C] () -- \RECOVERY.DAT

[2008/05/23 04:01:42 | 00,000,030 | ---- | C] () -- \NERO.LOG

[2008/05/22 18:35:54 | 00,051,962 | ---- | C] () -- C:\Program Files\Common Files\banner.jpg

[2008/05/13 22:35:23 | 01,772,544 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys

[2008/04/29 14:49:01 | 00,000,020 | ---- | C] () -- \READER_A.TXT

[2008/04/16 12:27:14 | 00,333,257 | RHS- | C] () -- \bootmgr

[2008/04/16 11:43:39 | 00,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini

[2008/04/16 11:43:26 | 00,000,019 | ---- | C] () -- \CA21.txt

[2008/03/21 03:56:21 | 00,002,666 | ---- | C] () -- \Patch.LOG

[2007/06/12 19:34:50 | 00,035,822 | ---- | C] () -- C:\Program Files\Common Files\ASPG_icon.ico

[2007/05/09 23:16:39 | 00,028,160 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys

[2007/03/16 00:17:34 | 00,000,025 | ---- | C] () -- \OFFICE2007_A.TXT

[2006/11/02 13:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006/11/02 11:23:09 | 00,000,024 | ---- | C] () -- \autoexec.bat

[2006/11/02 08:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006/11/02 07:25:08 | 00,000,010 | ---- | C] () -- \config.sys

[2006/05/19 19:39:57 | 00,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini

[2006/03/09 02:57:59 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

[2004/02/29 16:44:34 | 00,052,576 | ---- | C] () -- \orange.bmp

 

========== LOP Check ==========

 

[2009/11/18 11:35:11 | 00,000,000 | ---D | M] -- C:\Users\Carole\AppData\Roaming\Auslogics

[2009/10/08 21:23:53 | 00,000,000 | ---D | M] -- C:\Users\Carole\AppData\Roaming\DAEMON Tools Lite

[2009/05/13 10:10:56 | 00,000,000 | ---D | M] -- C:\Users\Carole\AppData\Roaming\eMule

[2009/03/24 11:42:58 | 00,000,000 | ---D | M] -- C:\Users\Carole\AppData\Roaming\EPSON

[2009/10/08 14:42:40 | 00,000,000 | ---D | M] -- C:\Users\Carole\AppData\Roaming\GARMIN

[2009/05/30 21:02:22 | 00,000,000 | ---D | M] -- C:\Users\Carole\AppData\Roaming\gtk-2.0

[2009/08/20 04:24:22 | 00,000,000 | ---D | M] -- C:\Users\Carole\AppData\Roaming\ITTNord

[2009/03/05 11:19:15 | 00,000,000 | ---D | M] -- C:\Users\Carole\AppData\Roaming\Oberon Games

[2009/07/24 00:21:22 | 00,000,000 | ---D | M] -- C:\Users\Carole\AppData\Roaming\PeerNetworking

[2009/08/18 01:44:40 | 00,000,000 | ---D | M] -- C:\Users\Carole\AppData\Roaming\PlayFirst

[2009/10/23 18:17:23 | 00,000,000 | ---D | M] -- C:\Users\Carole\AppData\Roaming\proDAD

[2009/10/08 21:30:15 | 00,000,000 | ---D | M] -- C:\Users\Carole\AppData\Roaming\Sony

[2009/12/08 23:09:03 | 00,032,614 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2009/12/08 17:18:43 | 00,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{91283F18-3F0E-457A-A007-2FA9F9DC6165}.job

 

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >

[2008/01/21 03:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\ERDNT\cache\AGP440.sys

[2008/01/21 03:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys

[2008/01/21 03:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys

[2008/01/21 03:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys

[2008/01/21 03:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys

[2008/01/21 03:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys

[2006/11/02 10:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

 

< MD5 for: ATAPI.SYS >

[2009/04/11 07:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\ERDNT\cache\atapi.sys

[2009/04/11 07:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys

[2009/04/11 07:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys

[2008/01/21 03:23:00 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys

[2008/01/21 03:23:00 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys

[2006/11/02 10:49:36 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

 

< MD5 for: CNGAUDIT.DLL >

[2006/11/02 10:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll

[2006/11/02 10:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll

[2006/11/02 10:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

 

< MD5 for: IASTORV.SYS >

[2008/01/21 03:23:23 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys

[2008/01/21 03:23:23 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys

[2008/01/21 03:23:23 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys

[2006/11/02 10:51:25 | 00,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

 

< MD5 for: NETLOGON.DLL >

[2009/04/11 07:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\ERDNT\cache\netlogon.dll

[2009/04/11 07:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll

[2009/04/11 07:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll

[2008/01/21 03:24:05 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

 

< MD5 for: NVSTOR.SYS >

[2006/11/02 10:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys

[2008/01/21 03:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys

[2008/01/21 03:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys

[2008/01/21 03:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

 

< MD5 for: SCECLI.DLL >

[2008/01/21 03:24:50 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll

[2009/04/11 07:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\ERDNT\cache\scecli.dll

[2009/04/11 07:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll

[2009/04/11 07:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 98 bytes -> C:\ProgramData\Temp:D2A5A561

@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:37994DBE

@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:6B86037F

@Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:6677D85A

@Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:10D98D98

< End of report >

Posted

We've made progress, but there seem to be 2-3 things still left.

Are you still getting redirects when browsing the internet?

Download GMER Rootkit Scanner from the following link:

 

http://www.gmer.net/#files

 

- Click the "Download EXE" button

- Save it to your Desktop

- Paste and save these instructions in a text file, or print them, because you will have to close the browser.

- Close any open browser windows

- Run the downloaded file (its name is made of 8 random digits/letters) by double-clicking it;

- If the tool shows you a rootkit activity warning and asks you to run a scan, click "NO"

- In the right-hand section of the tool's window, untick the following options:

  • Sections
  • IAT/EAT
  • **Make sure "Show All" is unticked**

- Now click the "Scan" button and wait (this can take 10 minutes or more)

- When the analysis has finished, click the "Save..." button (bottom right);

- Name the file "Ark.txt" and save it to the Desktop;

- Copy/paste the contents of that report into your reply.

Posted

Good evening,

I can't get the scan to run. When I press the Scan button, Windows tells me the program has stopped working and asks me to close it, which I do. Then I get a blue screen with lots of text written in English for a few seconds, and then the computer restarts.

Posted

OK, forget GMER for now.

 

Download RootRepeal by right-clicking one of the links below:

 

http://ad13.geekstogo.com/RootRepeal.zip

http://rootrepeal.googlepages.com/RootRepeal.zip

http://rootrepeal.psikotick.com/RootRepeal.zip

  • Save the file to your Desktop.
  • Create a new folder named RootRepeal at the root of the system drive (usually C:\)
  • Extract the downloaded archive into this new RootRepeal folder (right-click the archive and choose extract to C:\RootRepeal)
  • Double-click Rootrepeal(.exe) (under Vista, right-click the file and choose Run as administrator).

/!\ Disable your antivirus and anti-spyware applications, usually by right-clicking their icon in the notification area. Otherwise they may interfere with our tools. /!\ (help if needed: http://forum.pcastuces.com/desactiver_les_...entes-f31s4.htm Thanks Morgane)

  • Click the Report tab (at the bottom of the window), then the Scan button.
  • In the new Select Scan window, tick:

+ Drivers

+ Files

+ Processes

+ SSDT

+ Stealth Objects

+ Hidden Services

+ Shadow SSDT

  • Click the OK button
  • In the new Select Drives window, tick the system drive (usually C:\)
  • Note: This scan takes some time. DO NOT RUN other programs while it is active.
  • When the scan is finished, a report will open; close it.
  • Click the "Save report" button and save the report file in the RootRepeal folder under the name RootRepealn1.txt
  • Open the File menu (top left) and click Exit to close the program.

/!\ Re-enable the real-time protection of your antivirus and anti-spyware programs before reconnecting to the Internet. /!\

 

--> Post the RootRepeal report (contents of the RootRepealn1.txt file) in your reply

Note: This report can be very long. Make sure it is complete in the message you send. If necessary, split it across several messages.

Posted

Here is the report:

ROOTREPEAL © AD, 2007-2009

==================================================

Scan Start Time: 2009/12/09 18:46

Program Version: Version 1.3.5.0

Windows Version: Windows Vista SP2

==================================================

 

Drivers

-------------------

Name: dump_atapi.sys

Image Path: C:\Windows\System32\Drivers\dump_atapi.sys

Address: 0x8AFDD000 Size: 32768 File Visible: No Signed: -

Status: -

 

Name: dump_dumpata.sys

Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys

Address: 0x8AFD2000 Size: 45056 File Visible: No Signed: -

Status: -

 

Name: rootrepeal.sys

Image Path: C:\Windows\system32\drivers\rootrepeal.sys

Address: 0xAA064000 Size: 49152 File Visible: No Signed: -

Status: -

 

Name: sphl.sys

Image Path: C:\Windows\System32\Drivers\sphl.sys

Address: 0x80690000 Size: 1052672 File Visible: No Signed: -

Status: -

 

Name: sptd

Image Path: \Driver\sptd

Address: 0x00000000 Size: 0 File Visible: No Signed: -

Status: -

 

Hidden/Locked Files

-------------------

Path: C:\ADSM_PData_0150

Status: Invisible to the Windows API!

 

Path: \\?\C:\ADSM_PData_0150\*

Status: Could not enumerate files with the Windows API (0x00000006)!

 

 

Path: C:\ADSM_PData_0150\DB

Status: Invisible to the Windows API!

 

Path: C:\ADSM_PData_0150\DragWait.exe

Status: Invisible to the Windows API!

 

Path: C:\ADSM_PData_0150\_avt

Status: Invisible to the Windows API!

 

Path: C:\System Volume Information\{5c76d95c-df7d-11de-bc3b-0023548f92e7}{3808876b-c176-4e48-b7ae-04046e6cc752}

Status: Locked to the Windows API!

 

Path: C:\System Volume Information\{6e54726b-e0f3-11de-9245-0023548f92e7}{3808876b-c176-4e48-b7ae-04046e6cc752}

Status: Locked to the Windows API!

 

Path: C:\System Volume Information\{742dc1bf-de9e-11de-9837-0023548f92e7}{3808876b-c176-4e48-b7ae-04046e6cc752}

Status: Locked to the Windows API!

 

Path: C:\System Volume Information\{aaead82a-dfea-11de-bed6-0023548f92e7}{3808876b-c176-4e48-b7ae-04046e6cc752}

Status: Locked to the Windows API!

 

Path: C:\System Volume Information\{acc6843b-df75-11de-b564-0023548f92e7}{3808876b-c176-4e48-b7ae-04046e6cc752}

Status: Locked to the Windows API!

 

Path: C:\System Volume Information\{adc8a660-e414-11de-b767-0023548f92e7}{3808876b-c176-4e48-b7ae-04046e6cc752}

Status: Locked to the Windows API!

 

Path: C:\System Volume Information\{bbabfd2d-dd0f-11de-942e-0023548f92e7}{3808876b-c176-4e48-b7ae-04046e6cc752}

Status: Locked to the Windows API!

 

Path: C:\System Volume Information\{df121872-e321-11de-bc57-0023548f92e7}{3808876b-c176-4e48-b7ae-04046e6cc752}

Status: Locked to the Windows API!

 

Path: C:\System Volume Information\{1350fd6e-e351-11de-865b-0023548f92e7}{3808876b-c176-4e48-b7ae-04046e6cc752}

Status: Locked to the Windows API!

 

Path: C:\System Volume Information\{218038e9-dba4-11de-b73e-0023548f92e7}{3808876b-c176-4e48-b7ae-04046e6cc752}

Status: Locked to the Windows API!

 

Path: C:\System Volume Information\{218038f1-dba4-11de-b73e-0023548f92e7}{3808876b-c176-4e48-b7ae-04046e6cc752}

Status: Locked to the Windows API!

 

Path: C:\System Volume Information\{31a76957-df1a-11de-8954-0023548f92e7}{3808876b-c176-4e48-b7ae-04046e6cc752}

Status: Locked to the Windows API!

 

Path: C:\System Volume Information\{31a76969-df1a-11de-8954-0023548f92e7}{3808876b-c176-4e48-b7ae-04046e6cc752}

Status: Locked to the Windows API!

 

Path: C:\System Volume Information\{37c46dbf-dd99-11de-9b5b-0023548f92e7}{3808876b-c176-4e48-b7ae-04046e6cc752}

Status: Locked to the Windows API!

 

Path: C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}

Status: Locked to the Windows API!

 

Path: \\?\C:\ADSM_PData_0150\DB\*

Status: Could not enumerate files with the Windows API (0x00000006)!

 

 

Path: C:\ADSM_PData_0150\DB\SI.db

Status: Invisible to the Windows API!

 

Path: C:\ADSM_PData_0150\DB\UL.db

Status: Invisible to the Windows API!

 

Path: C:\ADSM_PData_0150\DB\VL.db

Status: Invisible to the Windows API!

 

Path: C:\ADSM_PData_0150\DB\_avt

Status: Invisible to the Windows API!

 

Path: C:\Users\Carole\Documents sécurisés

Status: Invisible to the Windows API!

 

Path: C:\Users\Carole\Vidéos sécurisées

Status: Invisible to the Windows API!

 

Path: C:\Users\Carole\Musique sécurisée

Status: Invisible to the Windows API!

 

Path: \\?\C:\Users\Carole\Documents sécurisés\*

Status: Could not enumerate files with the Windows API (0x00000006)!

 

 

Path: C:\Users\Carole\Documents sécurisés\_avt

Status: Invisible to the Windows API!

 

Path: C:\Users\Carole\Documents sécurisés\_lit

Status: Invisible to the Windows API!

 

Path: \\?\C:\Users\Carole\Vidéos sécurisées\*

Status: Could not enumerate files with the Windows API (0x00000006)!

 

 

Path: C:\Users\Carole\Vidéos sécurisées\_avt

Status: Invisible to the Windows API!

 

Path: C:\Users\Carole\Vidéos sécurisées\_lit

Status: Invisible to the Windows API!

 

Path: \\?\C:\Users\Carole\Musique sécurisée\*

Status: Could not enumerate files with the Windows API (0x00000006)!

 

 

Path: C:\Users\Carole\Musique sécurisée\_avt

Status: Invisible to the Windows API!

 

Path: C:\Users\Carole\Musique sécurisée\_lit

Status: Invisible to the Windows API!

 

Path: C:\Windows\inf\.NET CLR Data\_DATAP~1.H

Status: Locked to the Windows API!

 

Path: C:\Windows\inf\.NET Data Provider for SqlServer\_DATAP~2.H

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.42_none_dc990e4797f81af1.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.42_none_58b19c2866332652.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_516e2e610f48bda6.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_bcb86ed6ac711f91.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_60a5df56e60dc5df.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_4ddfc6cd11929a02.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Manifests\26340819d2ef86080d9001c6f2737d70fd6602ddf4b86b6c26b326ef81cc3342.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Manifests\2d3cb7907b1336ea5889a2b731d5e97ad40903a4efd2287c1c117bc30f208f46.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Manifests\a2492fa83366394b7c17fa6c9650ce5688b887d0ad0ad79743a3422debf4d997.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Manifests\34f4e1067328cece3ad510dbcdd746657fd91ee96f89f25201a7c658918512d1.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Manifests\7aefb85f3099da7d88809ade16e90c2e3d61c5eeb236093cddc0a546934b02ad.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Manifests\113260042a311e5a7871a6659a0a0cc23a5864196832c01f81f093942513b749.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Manifests\92a6d9ca6a73206405dc393c28776ea6cded8b6ef43bffcf248c1b852ccd4c2c.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Manifests\b3beb16c28db357e654a6b132f59cd48cb95cee949d7b97587f8f02f233f3ce1.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Manifests\a951d53950c367acc37622f0dd619a954df5de2c4ec40296e6636605aa33714a.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Manifests\f7bf65ca621d8ad32ead1500a08827be239d0f49d83dc20dabf57d2eb17adbd7.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Manifests\bd83dce340498e7c363093c2fc74dfb58e1ec17770453905172c7471fadd9333.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Manifests\dd72f7ab2def5f75f58d01b24643b308750c38685daaed50bcddf61c18460dee.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Manifests\91ca50cec42075fff02b366323bf3b45d2053b24544bd12b622b65621bd0edd5.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Manifests\d14225a52543aa5a9605b00dd7574812bf89c605ebc73a9730e1e386bfc965f8.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Manifests\935df4549e21123a2efb986a707f54475380a037519679510e4b4dfc4bdb5767.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Manifests\88b03fe13d2710ad787d5d96cd0e5cbeda3a61c2a0a2bdc0c0984a48365242e2.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-msbuild_core_schema__b03f5f7f11d50a3a_6.0.6000.16720_none_b462fc0cbe880bcb\MICROS~1.XSD

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-msbuild_core_schema__b03f5f7f11d50a3a_6.0.6000.20883_none_9d9b12b0d82a50be\MICROS~1.XSD

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-msbuild_core_schema__b03f5f7f11d50a3a_6.0.6001.18111_none_b43de0c2beda186c\MICROS~1.XSD

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-msbuild_core_schema__b03f5f7f11d50a3a_6.0.6001.22230_none_9d72515ed87f917f\MICROS~1.XSD

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6001.22230_none_d358ae2ffad43bcf\_DATAP~1.H

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6001.22230_none_d358ae2ffad43bcf\_DATAP~2.H

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-csc_exe_config_b03f5f7f11d50a3a_6.0.6001.22230_none_70a96dd2b2b56d3b\CSCEXE~1.CON

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-config_files_.._gacutil_exe_config_31bf3856ad364e35_6.0.6001.22230_none_9d66b182ef8367ab\GACUTI~1.CON

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6001.18111_none_ea243d93e12ec2bc\_DATAP~1.H

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6001.18111_none_ea243d93e12ec2bc\_DATAP~2.H

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-dv_aspnetmmc_chm_res_b03f5f7f11d50a3a_6.0.6001.22230_none_ddac10e22fd3c967\DV_ASP~1.CHM

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-dv_aspnetmmc_chm_res_b03f5f7f11d50a3a_6.0.6000.16720_none_f49cbb9015dc43b3\DV_ASP~1.CHM

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-dv_aspnetmmc_chm_res_b03f5f7f11d50a3a_6.0.6000.20883_none_ddd4d2342f7e88a6\DV_ASP~1.CHM

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-dv_aspnetmmc_chm_res_b03f5f7f11d50a3a_6.0.6001.18111_none_f477a046162e5054\DV_ASP~1.CHM

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6000.16720_none_ea4958dde0dcb61b\_DATAP~1.H

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6000.16720_none_ea4958dde0dcb61b\_DATAP~2.H

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6000.20883_none_d3816f81fa7efb0e\_DATAP~1.H

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6000.20883_none_d3816f81fa7efb0e\_DATAP~2.H

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-config_files_.._gacutil_exe_config_31bf3856ad364e35_6.0.6000.16720_none_9b01a5fdd9371aff\GACUTI~1.CON

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-config_files_.._gacutil_exe_config_31bf3856ad364e35_6.0.6000.20883_none_9b4d641ef282ae74\GACUTI~1.CON

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_vrg_31bf3856ad364e35_6.0.6000.16708_none_cab9e41b8efd69ed\_SERVI~1.VRG

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_vrg_31bf3856ad364e35_6.0.6000.20864_none_cafea036a84f4c01\_SERVI~1.VRG

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_vrg_31bf3856ad364e35_6.0.6001.18096_none_cc3cd0fb8c6ec682\_SERVI~1.VRG

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_vrg_31bf3856ad364e35_6.0.6001.22208_none_cd29bf8ca5419aa8\_SERVI~1.VRG

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_h_31bf3856ad364e35_6.0.6000.16708_none_f87832f6f02b1a0c\_SERVI~1.H

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_h_31bf3856ad364e35_6.0.6000.20864_none_f8bcef12097cfc20\_SERVI~1.H

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_h_31bf3856ad364e35_6.0.6001.18096_none_f9fb1fd6ed9c76a1\_SERVI~1.H

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_h_31bf3856ad364e35_6.0.6001.22208_none_fae80e68066f4ac7\_SERVI~1.H

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_reg_31bf3856ad364e35_6.0.6000.16708_none_2e6f68d711833115\_SMSVC~1.REG

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_reg_31bf3856ad364e35_6.0.6000.20864_none_2eb424f22ad51329\_SMSVC~1.REG

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_reg_31bf3856ad364e35_6.0.6001.18096_none_2ff255b70ef48daa\_SMSVC~1.REG

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_reg_31bf3856ad364e35_6.0.6001.22208_none_30df444827c761d0\_SMSVC~1.REG

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_vrg_31bf3856ad364e35_6.0.6000.16708_none_3432eb0d0dced274\_SMSVC~1.VRG

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_vrg_31bf3856ad364e35_6.0.6000.20864_none_3477a7282720b488\_SMSVC~1.VRG

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_ini_31bf3856ad364e35_6.0.6000.16708_none_78c5c5708f85fc49\_SERVI~1.INI

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_ini_31bf3856ad364e35_6.0.6000.20864_none_790a818ba8d7de5d\_SERVI~1.INI

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_ini_31bf3856ad364e35_6.0.6001.18096_none_7a48b2508cf758de\_SERVI~1.INI

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_ini_31bf3856ad364e35_6.0.6001.22208_none_7b35a0e1a5ca2d04\_SERVI~1.INI

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_reg_31bf3856ad364e35_6.0.6000.16708_none_c4f661e592b1c88e\_SERVI~1.REG

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_reg_31bf3856ad364e35_6.0.6000.20864_none_c53b1e00ac03aaa2\_SERVI~1.REG

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_reg_31bf3856ad364e35_6.0.6001.18096_none_c6794ec590232523\_SERVI~1.REG

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_reg_31bf3856ad364e35_6.0.6001.22208_none_c7663d56a8f5f949\_SERVI~1.REG

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_ini_31bf3856ad364e35_6.0.6000.16708_none_325856a50f01ab0d\_SMSVC~1.INI

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_ini_31bf3856ad364e35_6.0.6000.20864_none_329d12c028538d21\_SMSVC~1.INI

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_ini_31bf3856ad364e35_6.0.6001.18096_none_33db43850c7307a2\_SMSVC~1.INI

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_ini_31bf3856ad364e35_6.0.6001.22208_none_34c832162545dbc8\_SMSVC~1.INI

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_vrg_31bf3856ad364e35_6.0.6001.22208_none_36a2c67e2413032f\_SMSVC~1.VRG

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6002.18005_none_8a59b9a693f7ed88\$$DeleteMe.msxml3.dll.01ca6ecabdd95e56.0001

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_microsoft-windows-p..ting-spooler-client_31bf3856ad364e35_6.0.6002.18005_none_95196f2b15cf9bd2\$$DeleteMe.winspool.drv.01ca6700ee56cf39.0005

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-busenumservice_31bf3856ad364e35_6.0.6001.18000_none_77fe3055cc02641a\$$DeleteMe.wpdbusenum.dll.01ca6700ec75f979.0002

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.16767_none_48e0ac03ef0db56a\PORTAB~1.MOF

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.16767_none_48e0ac03ef0db56a\PORTAB~2.MOF

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.16767_none_48e0ac03ef0db56a\PORTAB~3.MOF

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.20941_none_4979e8d10820826f\PORTAB~1.MOF

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.20941_none_4979e8d10820826f\PORTAB~2.MOF

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.20941_none_4979e8d10820826f\PORTAB~3.MOF

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmintrust_config_b03f5f7f11d50a3a_6.0.6000.16720_none_e2c358ab062e054b\WEB_MI~1.CON

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmintrust_config_b03f5f7f11d50a3a_6.0.6000.20883_none_cbfb6f4f1fd04a3e\WEB_MI~1.CON

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmintrust_config_b03f5f7f11d50a3a_6.0.6001.18111_none_e29e3d61068011ec\WEB_MI~1.CON

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmintrust_config_b03f5f7f11d50a3a_6.0.6001.22230_none_cbd2adfd20258aff\WEB_MI~1.CON

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-config_files_.._gacutil_exe_config_31bf3856ad364e35_6.0.6001.18111_none_9cf3b4d9d654a956\GACUTI~1.CON

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-csc_exe_config_b03f5f7f11d50a3a_6.0.6001.18111_none_8774fd36990ff428\CSCEXE~1.CON

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-csc_exe_config_b03f5f7f11d50a3a_6.0.6000.16720_none_879a188098bde787\CSCEXE~1.CON

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-csc_exe_config_b03f5f7f11d50a3a_6.0.6000.20883_none_70d22f24b2602c7a\CSCEXE~1.CON

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_policy.1.2.microsof..op.security.azroles_31bf3856ad364e35_6.0.6000.16386_none_ea83414c2e75b887\Microsoft.Interop.Security.AzRoles.config

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_presentationcore_31bf3856ad364e35_6.0.6002.18005_none_ae1c8b4b8d1614c8\PRESEN~1.CON

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_vrg_31bf3856ad364e35_6.0.6001.18096_none_35b5d7ed0b402f09\_SMSVC~1.VRG

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-installutil_exe_config_rtm_31bf3856ad364e35_6.0.6000.16720_none_c2e2272db9e7b99c\INSTAL~1.CON

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-installutil_exe_config_rtm_31bf3856ad364e35_6.0.6000.20883_none_c32de54ed3334d11\INSTAL~1.CON

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-installutil_exe_config_rtm_31bf3856ad364e35_6.0.6001.18111_none_c4d43609b70547f3\INSTAL~1.CON

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_netfx-installutil_exe_config_rtm_31bf3856ad364e35_6.0.6001.22230_none_c54732b2d0340648\INSTAL~1.CON

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_h_31bf3856ad364e35_6.0.6000.16708_none_23cb592eb6e076f6\_SERVI~1.H

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_h_31bf3856ad364e35_6.0.6000.20864_none_24101549d032590a\_SERVI~1.H

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_h_31bf3856ad364e35_6.0.6001.18096_none_254e460eb451d38b\_SERVI~1.H

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_h_31bf3856ad364e35_6.0.6001.22208_none_263b349fcd24a7b1\_SERVI~1.H

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.18160_none_4abfe8a3ec3a94fa\PORTAB~1.MOF

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.18160_none_4abfe8a3ec3a94fa\PORTAB~2.MOF

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.18160_none_4abfe8a3ec3a94fa\PORTAB~3.MOF

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.22292_none_4b2b163f056ebb45\PORTAB~1.MOF

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.22292_none_4b2b163f056ebb45\PORTAB~2.MOF

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.22292_none_4b2b163f056ebb45\PORTAB~3.MOF

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6002.18005_none_4cec3f51e92bbb79\$$DeleteMe.PortableDeviceApi.dll.01ca6700ecd9f339.0004

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6002.18005_none_4cec3f51e92bbb79\PORTAB~1.MOF

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6002.18005_none_4cec3f51e92bbb79\PORTAB~2.MOF

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6002.18005_none_4cec3f51e92bbb79\$$DeleteMe.PortableDeviceTypes.dll.01ca6700ecb17bd9.0003

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6002.18005_none_4cec3f51e92bbb79\PORTAB~3.MOF

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_microsoft-windows-oleaccrc_31bf3856ad364e35_6.0.6000.16386_none_76f32d528a780cf2\$$DeleteMe.oleaccrc.dll.01ca6700e6b48659.0001

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_microsoft-windows-oleacc_31bf3856ad364e35_6.0.6001.18000_none_6a84bdce2263bb83\$$DeleteMe.oleacc.dll.01ca6700e697f5d9.0000

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6002.18005_none_8a59754e93f83a6b\$$DeleteMe.msxml6.dll.01ca6ecabdc19096.0000

Status: Locked to the Windows API!

 

Path: C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86

Status: Invisible to the Windows API!

 

Path: c:\program files\orange\antivirus firewall\anti-virus\power.dat

Status: Allocation size mismatch (API: 24, Raw: 0)

 

Path: C:\Windows\Microsoft.NET\Framework\v2.0.50727\DV_ASP~1.CHM

Status: Locked to the Windows API!

 

Path: C:\Windows\Microsoft.NET\Framework\v2.0.50727\SYSTEM~1.DLL

Status: Locked to the Windows API!

 

Path: \\?\C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\*

Status: Could not enumerate files with the Windows API (0x00000006)!

 

 

Path: C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\AsDsm.sys

Status: Invisible to the Windows API!

 

Path: C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\_avt

Status: Invisible to the Windows API!

 

Path: C:\Windows\assembly\GAC_32\Policy.1.2.Microsoft.Interop.Security.AzRoles\6.0.6000.16386__31bf3856ad364e35\Microsoft.Interop.Security.AzRoles.config

Status: Locked to the Windows API!

 

Path: C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PRESEN~1.CON

Status: Locked to the Windows API!

 

Path: C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\SYSTEM~1.DLL

Status: Locked to the Windows API!

 

Path: C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\_SERVI~1.REG

Status: Locked to the Windows API!

 

Path: C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\_SMSVC~1.REG

Status: Locked to the Windows API!

 

Path: c:\programdata\microsoft\search\data\applications\windows\gatherlogs\systemindex\systemindex.306.gthr

Status: Allocation size mismatch (API: 45056, Raw: 40960)

 

Processes

-------------------

Path: System

PID: 4 Status: Locked to the Windows API!

 

Path: C:\Windows\System32\audiodg.exe

PID: 1180 Status: Locked to the Windows API!

 

SSDT

-------------------

#: 078 Function Name: NtCreateThread

Status: Hooked by "C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys" at address 0x90201e8c

 

#: 165 Function Name: NtLoadDriver

Status: Hooked by "C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys" at address 0x902021bc

 

#: 177 Function Name: NtMapViewOfSection

Status: Hooked by "C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys" at address 0x90201bcc

 

#: 197 Function Name: NtOpenSection

Status: Hooked by "C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys" at address 0x902025ee

 

#: 267 Function Name: NtRenameKey

Status: Hooked by "C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys" at address 0x9020388c

 

#: 317 Function Name: NtSetSystemInformation

Status: Hooked by "C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys" at address 0x9020243e

 

#: 330 Function Name: NtSuspendProcess

Status: Hooked by "C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys" at address 0x90201a4c

 

#: 331 Function Name: NtSuspendThread

Status: Hooked by "C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys" at address 0x90201ec0

 

#: 332 Function Name: NtSystemDebugControl

Status: Hooked by "C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys" at address 0x90202042

 

#: 334 Function Name: NtTerminateProcess

Status: Hooked by "C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys" at address 0x902019a6

 

#: 335 Function Name: NtTerminateThread

Status: Hooked by "C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys" at address 0x90201b06

 

#: 358 Function Name: NtWriteVirtualMemory

Status: Hooked by "C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys" at address 0x90201f86

 

#: 382 Function Name: NtCreateThreadEx

Status: Hooked by "C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys" at address 0x90201ea6

 

Stealth Objects

-------------------

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]

Process: System Address: 0x85d241f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]

Process: System Address: 0x85d241f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]

Process: System Address: 0x85d241f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]

Process: System Address: 0x85d241f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]

Process: System Address: 0x85d241f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]

Process: System Address: 0x85d241f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]

Process: System Address: 0x85d241f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]

Process: System Address: 0x85d241f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]

Process: System Address: 0x85d241f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]

Process: System Address: 0x85d241f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]

Process: System Address: 0x85d241f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]

Process: System Address: 0x85d241f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]

Process: System Address: 0x85d241f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x85d241f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]

Process: System Address: 0x85d241f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]

Process: System Address: 0x85d241f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]

Process: System Address: 0x85d241f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]

Process: System Address: 0x85d241f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]

Process: System Address: 0x85d241f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]

Process: System Address: 0x85d241f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]

Process: System Address: 0x85d241f8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]

Process: System Address: 0x85d241f8 Size: 121

Shadow SSDT

-------------------

#: 573 Function Name: NtUserSetWindowsHookEx

Status: Hooked by "C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys" at address 0x90204646

 

==EOF==

Posted

Are you using ASUS Data Security Manager? It locks and hides files, but is it of any use to you? It is a legitimate program, installed by the manufacturer.
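
As an added example (not from this thread and not RootRepeal's own code), a small Python triage script for the report format posted above: it splits the report into its sections, groups the SSDT and Shadow SSDT hooks by the driver that installed them, and groups the Hidden/Locked Files entries by top-level folder while separating the "Invisible" hits from the "Locked" ones that are normal for in-use system files. This is the reading that leads to the conclusion above: every hook belongs to one HIPS driver, and the invisible paths cluster under the ASUS Data Security Manager folders. The sample input is a constructed excerpt in the report's layout, built from entries in the log above.

```python
import re
from collections import defaultdict

SECTION_NAMES = {"Drivers", "Hidden/Locked Files", "Processes", "SSDT", "Stealth Objects", "Shadow SSDT"}
HOOK_RE = re.compile(r'^#:\s*(\d+)\s+Function Name:\s*(\S+)')
HOOKED_BY_RE = re.compile(r'^Status:\s*Hooked by "([^"]+)" at address (0x[0-9A-Fa-f]+)')


def split_sections(report):
    """Return {section: [entry, ...]}; an entry is a run of non-blank lines."""
    sections, current, entry = {}, None, []
    for line in (raw.strip() for raw in report.splitlines()):
        if line in SECTION_NAMES:
            current, entry = line, []
            sections[current] = []
        elif current is None or line.startswith(("---", "==")):
            continue  # banner, dashed rules and ==EOF== carry no entries
        elif line:
            entry.append(line)
        elif entry:
            sections[current].append(entry)
            entry = []
    if entry:
        sections[current].append(entry)
    return sections


def hooks_by_driver(sections):
    """{driver_path: [(table, index, function, address), ...]} for both tables."""
    hooks = defaultdict(list)
    for table in ("SSDT", "Shadow SSDT"):
        for entry in sections.get(table, []):
            m_func = HOOK_RE.match(entry[0])
            m_hook = HOOKED_BY_RE.match(entry[1]) if len(entry) > 1 else None
            if m_func and m_hook:
                hooks[m_hook.group(1)].append((table, int(m_func.group(1)), m_func.group(2), m_hook.group(2)))
    return dict(hooks)


def status_kind(status):
    """Coarse category of a status line; 'invisible' is the rootkit-like signal."""
    for prefix, kind in (("Invisible", "invisible"), ("Locked", "locked"),
                         ("Could not enumerate", "unenumerable")):
        if status.startswith(prefix):
            return kind
    return "other"


def hidden_paths_by_root(sections, depth=2):
    """Group Hidden/Locked Files entries by their first `depth` path components."""
    groups = defaultdict(list)
    for entry in sections.get("Hidden/Locked Files", []):
        fields = dict(line.partition(": ")[::2] for line in entry)
        path = fields.get("Path")
        if not path:
            continue
        clean = path[4:] if path.startswith("\\\\?\\") else path  # drop the \\?\ prefix
        root = "\\".join(clean.rstrip("\\*").split("\\")[:depth])
        groups[root].append((path, status_kind(fields.get("Status", ""))))
    return dict(groups)


def triage(report):
    """Who hooks the kernel, and where the truly invisible (not merely locked) paths cluster."""
    sections = split_sections(report)
    groups = hidden_paths_by_root(sections)
    counts = defaultdict(int)
    for items in groups.values():
        for _, kind in items:
            counts[kind] += 1
    invisible = {root: sum(k == "invisible" for _, k in items)
                 for root, items in groups.items() if any(k == "invisible" for _, k in items)}
    return {"hook_counts": {d: len(v) for d, v in hooks_by_driver(sections).items()},
            "status_counts": dict(counts), "invisible_by_root": invisible}


# Constructed excerpt in RootRepeal's layout, built from entries in the thread's log.
SAMPLE_REPORT = r"""Hidden/Locked Files
-------------------
Path: C:\ADSM_PData_0150
Status: Invisible to the Windows API!

Path: \\?\C:\ADSM_PData_0150\*
Status: Could not enumerate files with the Windows API (0x00000006)!

Path: C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\Users\Carole\Documents sécurisés\_avt
Status: Invisible to the Windows API!

SSDT
-------------------
#: 078 Function Name: NtCreateThread
Status: Hooked by "C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys" at address 0x90201e8c

Shadow SSDT
-------------------
#: 573 Function Name: NtUserSetWindowsHookEx
Status: Hooked by "C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys" at address 0x90204646
==EOF==
"""
if __name__ == "__main__":
    print(triage(SAMPLE_REPORT))
```

Run against the full RootRepealn1.txt, the same script shows one driver owning all fourteen hooks and the invisible entries confined to the ADSM_PData_0150, Users\Carole and ASUS Data Security Manager folders.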

Posted

OK, no problem with that.


Go to this link: Virus Total

  • Click the Browse... button
  • Copy and paste this path into the dialog box that opens, or browse your folders to this file, if you find it:

  • C:\windows\system32\CLASSPNP.SYS

  • Click Send file, and if VirusTotal says the file has already been analysed, click the Reanalyse file now button.
  • Let the site work as long as "Current status: analysing" is displayed.
  • The file may be queued because of a large number of analysis requests. In that case, wait without refreshing the page.
  • When the analysis is finished ("Current status: finished"), click Formatted (top left)
  • A new browser window will appear
  • Then click this image: txtvt.jpg
  • Right-click the page, choose Select all, then copy
  • Finally, paste the result into your next reply.
    NB: Whatever the result, it is important to send me the result of the whole analysis.

Your security tools may react to sending the file, in which case you will have to make them ignore the alerts.

You may need to temporarily show the system's hidden and protected files.

We will probably also look at disk.sys and acpi.sys or halmacpi.dll later.
