avast, spybot bloqué et redirection internet (résolu)

[Nick67]

Voici le rapport

désolé pour le temps que j'ai mis mais j'avais bcp de travail

 

 

############################## | FindyKill V5.052 |

 

# User : Natasha (Administrateurs) # PUSSYCAT

# Update on 23/10/2010 by El Desaparecido

# Start at: 18:59:32 | 05/11/2010

# Website : TEAM X SCRIPT : UsbFix - AD-Remover - FindyKill

# Contact : eldesaparecido@teamxscript.org

 

# AMD Sempron 2400+

# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3

# Internet Explorer 8.0.6001.18702

# Windows Firewall Status : Enabled

 

# A:\ # Lecteur de disquettes 3 ½ pouces

# C:\ # Disque fixe local # 14,65 Go (897,8 Mo free) [windows] # NTFS

# D:\ # Disque CD-ROM

# E:\ # Disque CD-ROM

# F:\ # Disque fixe local # 27,4 Go (1,08 Go free) [Jeux] # NTFS

# G:\ # Disque fixe local # 16,36 Go (1,25 Go free) [ films] # NTFS

# H:\ # Disque fixe local # 16,11 Go (7,49 Go free) [soft & Musik] # NTFS

 

################## | Eléments infectieux |

 

H:\autorun.inf

 

################## | Registre |

 

[HKCU\Software\Classes\ed2k]

[HKCR\ed2k]

 

################## | Etat |

 

# Affichage des fichiers cachés : OK

 

# Mode sans echec : OK

 

# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )

# EapHost -> Start = 3 ( Good = 2 | Bad = 4 )

# Ip6Fw -> Start = 3 ( Good = 2 | Bad = 4 )

# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )

# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )

# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )

 

################## | ! Fin du rapport # FindyKill V5.052 ! |

 

Mon pc n'a plus aucune protection par contre j'ai plus d'antivirus et plus spybot

ça crains rien ?

[Florinator]

Bonjour,

 

Choisis l'option "Suppression de FindyKill puis poste moi le rapport.

Pourquoi Avast! n'est il plus là?

 

Pour l'antivirus, j'ai tendance à préféré Antivir dans son mode d'action, mais ce choix te reviens, si tu connais bien et préfère Avast! garde le. Télécharge le, désinstalle le complètement de ton système puis réinstalle le proprement.

[Nick67]

Bonjour,

 

Avast n'était plus là car je devais le désactiver pour un faire un scan, j'ai pas réussi alors je l'ai supprimer.

Findykill a travaillé pdt 8 h !

j'ai toujours les symptômes du virus

voici le rapport :

 

 

############################## | FindyKill V5.052 |

 

# User : Natasha (Administrateurs) # PUSSYCAT

# Update on 23/10/2010 by El Desaparecido

# Start at: 12:41:55 | 06/11/2010

# Website : TEAM X SCRIPT : UsbFix - AD-Remover - FindyKill

# Contact : eldesaparecido@teamxscript.org

 

# AMD Sempron 2400+

# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3

# Internet Explorer 8.0.6001.18702

# Windows Firewall Status : Enabled

# AV : avast! Antivirus 5.0.83886757 [ Enabled | (!) Outdated ]

 

# A:\ # Lecteur de disquettes 3 ½ pouces

# C:\ # Disque fixe local # 14,65 Go (778,68 Mo free) [windows] # NTFS

# D:\ # Disque CD-ROM

# E:\ # Disque CD-ROM

# F:\ # Disque fixe local # 27,4 Go (1,08 Go free) [Jeux] # NTFS

# G:\ # Disque fixe local # 16,36 Go (1,25 Go free) [ films] # NTFS

# H:\ # Disque fixe local # 16,11 Go (7,49 Go free) [soft & Musik] # NTFS

 

################## | Eléments infectieux |

 

Supprimé ! H:\autorun.inf

 

################## | CRC32 ... |

 

 

################## | Registre |

 

Supprimé ! [HKCU\Software\Classes\ed2k]

Supprimé ! [HKCR\ed2k]

 

################## | Etat |

 

# Mode sans echec : OK

 

 

# Affichage des fichiers cachés : OK

 

# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )

# EapHost -> Start = 2 ( Good = 2 | Bad = 4 )

# Ip6Fw -> Start = 2 ( Good = 2 | Bad = 4 )

# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )

# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )

# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )

 

################## | Fichiers corrompus |

 

... OK !

 

################## | Upload |

 

Veuillez envoyer le fichier : C:\FindyKill_Upload_Me_PUSSYCAT.zip : Upload pour UsbFix, Ad-Remover & FindyKill

Merci pour votre contribution .

 

################## | ! Fin du rapport # FindyKill V5.052 ! |

[Florinator]

Bonjour,

 

On va regarder une nouvelle chose:

 

Télécharge Tdsskiller sur ton Bureau

 

• Décompresse le fichier en faisant un clique droit dessus
  
• Double clique dessus
  
• Clique sur "StartScan"
  
• Si des nuisibles sont trouvés (Malicious Objects), vérifie que l'option "Cure"ou "Quarantine" est selectionné
  
• Si des objects suspects ("Suspicious objects") ont été détectés, sur l'écran de demande de confirmation, modifie l'action à entreprendre et indique "Skip".
  
• Clique alors sur le bouton "continu" puis "RebootNow"
  
• Copie-colle le rapport qui apparait

 

NB:Le fichier est également présent ici : C:\tdsskiller\report.txt

 

A++

[Nick67]

bonjour,

 

voici le rapport :

 

2010/11/07 15:19:11.0296 TDSS rootkit removing tool 2.4.6.0 Nov 3 2010 10:11:43

2010/11/07 15:19:11.0296 ================================================================================

2010/11/07 15:19:11.0296 SystemInfo:

2010/11/07 15:19:11.0296

2010/11/07 15:19:11.0296 OS Version: 5.1.2600 ServicePack: 3.0

2010/11/07 15:19:11.0296 Product type: Workstation

2010/11/07 15:19:11.0296 ComputerName: PUSSYCAT

2010/11/07 15:19:11.0296 UserName: Natasha

2010/11/07 15:19:11.0296 Windows directory: C:\WINDOWS

2010/11/07 15:19:11.0296 System windows directory: C:\WINDOWS

2010/11/07 15:19:11.0296 Processor architecture: Intel x86

2010/11/07 15:19:11.0296 Number of processors: 1

2010/11/07 15:19:11.0296 Page size: 0x1000

2010/11/07 15:19:11.0296 Boot type: Normal boot

2010/11/07 15:19:11.0296 ================================================================================

2010/11/07 15:19:11.0781 Initialize success

2010/11/07 15:19:17.0718 ================================================================================

2010/11/07 15:19:17.0718 Scan started

2010/11/07 15:19:17.0718 Mode: Manual;

2010/11/07 15:19:17.0718 ================================================================================

2010/11/07 15:19:18.0203 Aavmker4 (8d488938e2f7048906f1fbd3af394887) C:\WINDOWS\system32\drivers\Aavmker4.sys

2010/11/07 15:19:18.0421 ACPI (e5e6dbfc41ea8aad005cb9a57a96b43b) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2010/11/07 15:19:18.0546 ACPIEC (e4abc1212b70bb03d35e60681c447210) C:\WINDOWS\system32\drivers\ACPIEC.sys

2010/11/07 15:19:18.0718 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2010/11/07 15:19:18.0843 AegisP (2f7f3e8da380325866e566f5d5ec23d5) C:\WINDOWS\system32\DRIVERS\AegisP.sys

2010/11/07 15:19:18.0937 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

2010/11/07 15:19:19.0281 AmdK7 (d3dabc57be6d456dfd4bc026cfa582ff) C:\WINDOWS\system32\DRIVERS\amdk7.sys

2010/11/07 15:19:19.0656 aswFsBlk (a0d86b8ac93ef95620420c7a24ac5344) C:\WINDOWS\system32\drivers\aswFsBlk.sys

2010/11/07 15:19:19.0781 aswMon2 (7d880c76a285a41284d862e2d798ec0d) C:\WINDOWS\system32\drivers\aswMon2.sys

2010/11/07 15:19:19.0906 aswRdr (69823954bbd461a73d69774928c9737e) C:\WINDOWS\system32\drivers\aswRdr.sys

2010/11/07 15:19:20.0046 aswSP (7ecc2776638b04553f9a85bd684c3abf) C:\WINDOWS\system32\drivers\aswSP.sys

2010/11/07 15:19:20.0171 aswTdi (095ed820a926aa8189180b305e1bcfc9) C:\WINDOWS\system32\drivers\aswTdi.sys

2010/11/07 15:19:20.0281 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2010/11/07 15:19:20.0375 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2010/11/07 15:19:20.0828 ati2mtag (2f24aff9e8409821aafa005d3706b583) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

2010/11/07 15:19:20.0984 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2010/11/07 15:19:21.0078 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2010/11/07 15:19:21.0218 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2010/11/07 15:19:21.0328 BsStor (d6d0f3860f022a12e888965f8237cbd9) C:\WINDOWS\system32\DRIVERS\bsstor.sys

2010/11/07 15:19:21.0453 BsUDF (6c8f8def60b321e5683dc822ae97d222) C:\WINDOWS\system32\drivers\BsUDF.sys

2010/11/07 15:19:21.0687 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2010/11/07 15:19:21.0750 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

2010/11/07 15:19:21.0921 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2010/11/07 15:19:22.0062 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2010/11/07 15:19:22.0156 Cdr4_xp (aaf9f526b4b429a894e3e537c008ba60) C:\WINDOWS\system32\drivers\Cdr4_xp.sys

2010/11/07 15:19:22.0265 Cdralw2k (64137df18b9f38d7eb8ee360726ed5bd) C:\WINDOWS\system32\drivers\Cdralw2k.sys

2010/11/07 15:19:22.0375 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2010/11/07 15:19:22.0453 cdudf_xp (d6af450ee494df67a6d4e26b4ce34f09) C:\WINDOWS\system32\drivers\cdudf_xp.sys

2010/11/07 15:19:22.0781 cmpci (e5842ccf0953d3d46d5e26427b67e901) C:\WINDOWS\system32\drivers\cmaudio.sys

2010/11/07 15:19:23.0171 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2010/11/07 15:19:23.0328 dmboot (f5deadd42335fb33edca74ecb2f36cba) C:\WINDOWS\system32\drivers\dmboot.sys

2010/11/07 15:19:23.0484 dmio (5a7c47c9b3f9fb92a66410a7509f0c71) C:\WINDOWS\system32\drivers\dmio.sys

2010/11/07 15:19:23.0609 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2010/11/07 15:19:23.0718 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2010/11/07 15:19:23.0921 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2010/11/07 15:19:24.0031 dvd_2K (d58a3c236b37a3a1f76b8f9c6288d1c3) C:\WINDOWS\system32\drivers\dvd_2K.sys

2010/11/07 15:19:24.0265 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2010/11/07 15:19:24.0390 fbxusb (504e93682655a7b3af1fb5bff3f44322) C:\WINDOWS\system32\DRIVERS\fbxusb32.sys

2010/11/07 15:19:24.0484 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

2010/11/07 15:19:24.0578 FETNDIS (585b9c652299caf0128fbe598e29bb7e) C:\WINDOWS\system32\DRIVERS\fetnd5b.sys

2010/11/07 15:19:24.0687 FilterService (a75ddc492d2d1d6558ad8003a4adb73a) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys

2010/11/07 15:19:24.0781 Fips (31f923eb2170fc172c81abda0045d18c) C:\WINDOWS\system32\drivers\Fips.sys

2010/11/07 15:19:24.0875 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

2010/11/07 15:19:24.0953 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

2010/11/07 15:19:25.0093 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2010/11/07 15:19:25.0203 Ftdisk (a86859b77b908c18c2657f284aa29fe3) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2010/11/07 15:19:25.0296 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys

2010/11/07 15:19:25.0406 GcKernel (72fe2bea6863d4eb93442a1c4fb5ca48) C:\WINDOWS\system32\DRIVERS\GcKernel.sys

2010/11/07 15:19:25.0500 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2010/11/07 15:19:25.0625 HIDSwvd (bd205320308fb41c88a4049a2d1764b4) C:\WINDOWS\system32\DRIVERS\HIDSwvd.sys

2010/11/07 15:19:25.0765 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2010/11/07 15:19:26.0078 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys

2010/11/07 15:19:26.0187 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys

2010/11/07 15:19:26.0296 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys

2010/11/07 15:19:26.0406 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2010/11/07 15:19:26.0671 i8042prt (a09bdc4ed10e3b2e0ec27bb94af32516) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2010/11/07 15:19:26.0796 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2010/11/07 15:19:26.0890 incdrm (6f05034230ad665b8ad80214a3a9bc57) C:\WINDOWS\system32\drivers\incdrm.sys

2010/11/07 15:19:27.0156 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

2010/11/07 15:19:27.0265 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2010/11/07 15:19:27.0359 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2010/11/07 15:19:27.0484 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2010/11/07 15:19:27.0578 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2010/11/07 15:19:27.0687 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2010/11/07 15:19:27.0812 isapnp (355836975a67b6554bca60328cd6cb74) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2010/11/07 15:19:27.0906 Kbdclass (16813155807c6881f4bfbf6657424659) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2010/11/07 15:19:28.0031 kbdhid (94c59cb884ba010c063687c3a50dce8e) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

2010/11/07 15:19:28.0109 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2010/11/07 15:19:28.0250 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2010/11/07 15:19:28.0500 lvpopflt (01f0e010acb61472163e9d02d3ff531a) C:\WINDOWS\system32\DRIVERS\lvpopflt.sys

2010/11/07 15:19:28.0687 LVRS (87ecce893d8aec5a9337b917742d339c) C:\WINDOWS\system32\DRIVERS\lvrs.sys

2010/11/07 15:19:30.0234 LVUVC (291f69b3dda0f033d2490c5ba5179f7c) C:\WINDOWS\system32\DRIVERS\lvuvc.sys

2010/11/07 15:19:31.0718 mmc_2K (af89fa6cc924729ded21d4c3be413cca) C:\WINDOWS\system32\drivers\mmc_2K.sys

2010/11/07 15:19:31.0796 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2010/11/07 15:19:31.0937 Modem (510ade9327fe84c10254e1902697e25f) C:\WINDOWS\system32\drivers\Modem.sys

2010/11/07 15:19:32.0015 Mouclass (027c01bd7ef3349aaebc883d8a799efb) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2010/11/07 15:19:32.0109 mouhid (124d6846040c79b9c997f78ef4b2a4e5) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2010/11/07 15:19:32.0203 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2010/11/07 15:19:32.0390 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2010/11/07 15:19:32.0546 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2010/11/07 15:19:32.0703 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2010/11/07 15:19:32.0812 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2010/11/07 15:19:32.0906 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2010/11/07 15:19:33.0000 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2010/11/07 15:19:33.0109 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2010/11/07 15:19:33.0203 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

2010/11/07 15:19:33.0312 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

2010/11/07 15:19:33.0437 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

2010/11/07 15:19:33.0562 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2010/11/07 15:19:33.0640 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

2010/11/07 15:19:33.0734 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2010/11/07 15:19:33.0843 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2010/11/07 15:19:33.0921 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2010/11/07 15:19:34.0031 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys

2010/11/07 15:19:34.0140 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2010/11/07 15:19:34.0234 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2010/11/07 15:19:34.0406 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2010/11/07 15:19:34.0531 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2010/11/07 15:19:34.0671 NTSIM (aa56a73370f0a29bcb8aff177b6c68f8) C:\WINDOWS\System32\ntsim.sys

2010/11/07 15:19:34.0828 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2010/11/07 15:19:35.0031 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

2010/11/07 15:19:35.0250 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2010/11/07 15:19:35.0328 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2010/11/07 15:19:35.0421 Parport (8fd0bdbea875d06ccf6c945ca9abaf75) C:\WINDOWS\system32\DRIVERS\parport.sys

2010/11/07 15:19:35.0546 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2010/11/07 15:19:35.0625 ParVdm (9575c5630db8fb804649a6959737154c) C:\WINDOWS\system32\drivers\ParVdm.sys

2010/11/07 15:19:35.0859 PCI (043410877bda580c528f45165f7125bc) C:\WINDOWS\system32\DRIVERS\pci.sys

2010/11/07 15:19:36.0140 Pcmcia (f0406cbc60bdb0394a0e17ffb04cdd3d) C:\WINDOWS\system32\drivers\Pcmcia.sys

2010/11/07 15:19:36.0718 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2010/11/07 15:19:36.0828 Processor (e19c9632ac828f6f214391e2bdda11cb) C:\WINDOWS\system32\DRIVERS\processr.sys

2010/11/07 15:19:36.0953 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2010/11/07 15:19:37.0031 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2010/11/07 15:19:37.0125 pwd_2k (1c2b63fefbd912055ec885894d001dfd) C:\WINDOWS\system32\drivers\pwd_2k.sys

2010/11/07 15:19:37.0250 PxHelp20 (b572ed0c3e6165643fa116af20425a54) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys

2010/11/07 15:19:37.0640 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2010/11/07 15:19:37.0765 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2010/11/07 15:19:37.0875 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2010/11/07 15:19:37.0968 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2010/11/07 15:19:38.0062 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2010/11/07 15:19:38.0187 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2010/11/07 15:19:38.0296 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2010/11/07 15:19:38.0437 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2010/11/07 15:19:38.0515 redbook (d8eb2a7904db6c916eb5361878ddcbae) C:\WINDOWS\system32\DRIVERS\redbook.sys

2010/11/07 15:19:38.0703 RT61 (1d72a1ab4d4860291b67bffe6862093a) C:\WINDOWS\system32\DRIVERS\RT61.sys

2010/11/07 15:19:38.0890 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2010/11/07 15:19:39.0015 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

2010/11/07 15:19:39.0093 Serial (93d313c31f7ad9ea2b75f26075413c7c) C:\WINDOWS\system32\DRIVERS\serial.sys

2010/11/07 15:19:39.0234 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2010/11/07 15:19:39.0453 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

2010/11/07 15:19:39.0546 SoC PC-Camera Service (93f11cceab41a47a0a6317b640b3b807) C:\WINDOWS\system32\DRIVERS\pfc027.sys

2010/11/07 15:19:39.0734 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2010/11/07 15:19:39.0828 sr (39626e6dc1fb39434ec40c42722b660a) C:\WINDOWS\System32\DRIVERS\sr.sys

2010/11/07 15:19:39.0984 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys

2010/11/07 15:19:40.0140 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

2010/11/07 15:19:40.0203 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2010/11/07 15:19:40.0296 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2010/11/07 15:19:40.0750 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2010/11/07 15:19:40.0890 Tcpip (79617a4ff54f667265ade66d3219c24e) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2010/11/07 15:19:40.0890 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\tcpip.sys. Real md5: 79617a4ff54f667265ade66d3219c24e, Fake md5: 9aefa14bd6b182d61e3119fa5f436d3d

2010/11/07 15:19:40.0921 Tcpip - detected Rootkit.Win32.TDSS.tdl3 (0)

2010/11/07 15:19:41.0031 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2010/11/07 15:19:41.0125 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2010/11/07 15:19:41.0218 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2010/11/07 15:19:41.0453 UdfReadr_xp (6b9a26d1cfdd3c9b4623c33637495568) C:\WINDOWS\system32\drivers\UdfReadr_xp.sys

2010/11/07 15:19:41.0593 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2010/11/07 15:19:41.0812 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2010/11/07 15:19:41.0984 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

2010/11/07 15:19:42.0109 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2010/11/07 15:19:42.0187 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2010/11/07 15:19:42.0265 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2010/11/07 15:19:42.0359 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2010/11/07 15:19:42.0453 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2010/11/07 15:19:42.0546 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2010/11/07 15:19:42.0625 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys

2010/11/07 15:19:42.0734 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2010/11/07 15:19:42.0843 viaagp1 (4b039bbd037b01f5db5a144c837f283a) C:\WINDOWS\system32\DRIVERS\viaagp1.sys

2010/11/07 15:19:42.0953 ViaIde (a5d8b6c8d43786d4215c1df6fab0aae0) C:\WINDOWS\system32\DRIVERS\viaidexp.sys

2010/11/07 15:19:43.0062 viamraid (85e9421c8a99d1291b43b9b59a669ac3) C:\WINDOWS\system32\DRIVERS\viamraid.sys

2010/11/07 15:19:43.0171 viasraid (2eab80850163b2a123d09f34574bedcf) C:\WINDOWS\system32\DRIVERS\viasraid.sys

2010/11/07 15:19:43.0328 VIAudio (df47d922e86f4c571d81221bfb5873b8) C:\WINDOWS\system32\drivers\vinyl97.sys

2010/11/07 15:19:43.0468 videX32 (510b5097e81cd36d603d7d5c93820bbd) C:\WINDOWS\system32\DRIVERS\videX32.sys

2010/11/07 15:19:43.0546 VolSnap (46de1126684369bace4849e4fc8c43ca) C:\WINDOWS\system32\drivers\VolSnap.sys

2010/11/07 15:19:43.0671 vulfnths (16409c468ceee99b6b129fcaa5c0f206) C:\WINDOWS\System32\Drivers\vulfnth.sys

2010/11/07 15:19:43.0734 vulfntrs (541447e05eddd1164a5ea925778b209d) C:\WINDOWS\System32\Drivers\vulfntr.sys

2010/11/07 15:19:43.0843 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2010/11/07 15:19:44.0015 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2010/11/07 15:19:44.0281 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

2010/11/07 15:19:44.0390 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

2010/11/07 15:19:44.0625 ================================================================================

2010/11/07 15:19:44.0625 Scan finished

2010/11/07 15:19:44.0625 ================================================================================

2010/11/07 15:19:44.0656 Detected object count: 1

2010/11/07 15:19:59.0203 Tcpip (79617a4ff54f667265ade66d3219c24e) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2010/11/07 15:19:59.0218 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\tcpip.sys. Real md5: 79617a4ff54f667265ade66d3219c24e, Fake md5: 9aefa14bd6b182d61e3119fa5f436d3d

2010/11/07 15:19:59.0953 Backup copy found, using it..

2010/11/07 15:19:59.0968 C:\WINDOWS\system32\DRIVERS\tcpip.sys - will be cured after reboot

2010/11/07 15:19:59.0968 Rootkit.Win32.TDSS.tdl3(Tcpip) - User select action: Cure

2010/11/07 15:20:14.0812 Deinitialize success

[Florinator]

Ok, peux tu retenter une pass avec ComboFix comme stipulé dans le tuto que je t'ai précedemment fournit, et me poster le rapport stp.

 

A++

[Nick67]

voici le rapport

 

ComboFix 10-11-07.04 - Natasha 07/11/2010 16:08:13.1.1 - x86

Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1791.1347 [GMT 1:00]

Lancé depuis: c:\documents and settings\Natasha\Bureau\ComboFix.exe

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\All Users\Application Data\SystemDoctor Free

c:\documents and settings\All Users\Application Data\SystemDoctor Free\Data\Abbr

c:\documents and settings\All Users\Application Data\SystemDoctor Free\Data\ActivationCode

c:\documents and settings\All Users\Application Data\SystemDoctor Free\Data\HOURS

c:\documents and settings\All Users\Application Data\SystemDoctor Free\Data\ProductCode

c:\documents and settings\Natasha\akqioa.exe

c:\documents and settings\Natasha\Application Data\SystemDoctor Free

c:\documents and settings\Natasha\Application Data\SystemDoctor Free\Logs\update.log

c:\documents and settings\Natasha\binternet.exe

c:\documents and settings\Natasha\gtmilr.exe

c:\documents and settings\Natasha\kqitzb.exe

c:\documents and settings\Natasha\kygvmo.exe

c:\documents and settings\Natasha\nbilga.exe

c:\documents and settings\Natasha\new.txt

c:\documents and settings\Natasha\ptnfyq.exe

c:\documents and settings\Natasha\tcsfcr.exe

c:\windows\patch.exe

c:\windows\system32\spool\prtprocs\w32x86\xmYW93y7c.dll

c:\windows\system32\Thumbs.db

f:\favoris\Thumbs.db

 

.

((((((((((((((((((((((((((((( Fichiers créés du 2010-10-07 au 2010-11-07 ))))))))))))))))))))))))))))))))))))

.

 

2010-11-05 17:55 . 2010-11-06 21:17 -------- d-----w- C:\FyK

2010-10-28 16:37 . 2010-10-29 16:55 -------- d-----w- c:\program files\ZHPDiag

2010-10-27 19:27 . 2010-10-27 19:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software

2010-10-26 19:20 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-10-26 19:20 . 2010-10-26 19:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-10-26 19:20 . 2010-10-26 19:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-10-26 19:20 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-10-14 21:48 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll

2010-10-14 21:48 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll

2010-10-14 21:48 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-11-07 14:20 . 2001-08-28 12:00 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys

2010-11-06 20:36 . 2010-11-06 20:36 852 ----a-w- C:\FindyKill_Upload_Me_PUSSYCAT.zip

2010-09-25 20:00 . 2009-09-16 19:50 2684 ----a-w- c:\documents and settings\Natasha\errorlog.tmp

2010-09-18 10:23 . 2001-08-28 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll

2010-09-18 06:53 . 2001-08-28 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll

2010-09-18 06:53 . 2001-08-28 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll

2010-09-18 06:53 . 2001-08-28 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll

2010-09-10 05:50 . 2004-08-23 17:16 916480 ----a-w- c:\windows\system32\wininet.dll

2010-09-10 05:50 . 2001-08-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-09-10 05:50 . 2001-08-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2010-09-01 11:51 . 2001-08-28 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll

2010-09-01 07:55 . 2001-08-28 12:00 1852928 ----a-w- c:\windows\system32\win32k.sys

2010-08-27 08:02 . 2001-08-28 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll

2010-08-27 05:58 . 2001-08-28 12:00 99840 ----a-w- c:\windows\system32\srvsvc.dll

2010-08-27 01:43 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll

2010-08-26 13:39 . 2001-08-28 12:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys

2010-08-23 16:12 . 2001-08-28 12:00 617472 ------w- c:\windows\system32\comctl32.dll

2010-08-17 13:17 . 2001-08-28 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe

2010-08-16 08:44 . 2006-12-26 13:35 590848 ----a-w- c:\windows\system32\rpcrt4.dll

2010-08-13 21:01 . 2010-08-12 19:41 21840 ----atw- c:\windows\system32\SIntfNT.dll

2010-08-13 21:01 . 2010-08-12 19:41 17212 ----atw- c:\windows\system32\SIntf32.dll

2010-08-13 21:01 . 2005-07-17 17:08 12067 ----atw- c:\windows\system32\SIntf16.dll

2010-08-12 19:16 . 2010-08-12 19:16 2829 ----a-w- c:\windows\DIIUnin.pif

2010-08-12 19:16 . 2010-08-12 19:16 102400 ----a-w- c:\windows\DIIUnin.exe

2002-08-06 13:41 . 2005-11-08 16:59 210944 -c--a-w- c:\program files\Msvcrt10.dll

.

 

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AudioDeck"="c:\program files\VIA\VIAudioi\SBADeck\ADeck.exe" [2007-06-27 540672]

"C-Media Mixer"="Mixer.exe" [2002-10-15 1818624]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-05-20 98304]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360]

 

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\

SMCWPCI-GM MIMO Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe [2008-9-22 741376]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableRegedit"= 0 (0x0)

"HideClock"= 0 (0x0)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0smrgdf c:\documents and settings\Natasha\Application Data\iolo"

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]

path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk

backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2007-10-14 20:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]

2007-08-22 15:31 80896 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]

2009-04-15 14:52 190024 ----a-w- c:\program files\MessengerPlus! 3\MsgPlus.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2007-10-19 19:16 286720 ----a-w- c:\program files\QuickTime\QTTask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

2003-12-08 16:35 32768 -c--a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]

2003-05-01 17:44 65536 -c--a-w- c:\program files\Fichiers communs\Roxio Shared\System\EngUtil.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

2010-09-08 20:25 1242448 ----a-w- g:\steam\Steam.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2009-02-11 15:10 185872 ----a-w- c:\program files\Fichiers communs\Real\Update_OB\realsched.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"f:\\World of Warcraft\\BackgroundDownloader.exe"=

"g:\\steam\\Steam.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"h:\\aOE\\EMPIRES2.ICD"=

"f:\\World of Warcraft\\Launcher.exe"=

"f:\\World of Warcraft\\WoW-3.2.0-frFR-downloader.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"g:\\steam\\SteamApps\\da_funky_doc\\counter-strike source\\hl2.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

"8080:TCP"= 8080:TCP:freeplayer

"12071:TCP"= 12071:TCP:chante

 

R0 BsStor;InCD Storage Helper Driver;c:\windows\system32\drivers\bsstor.sys [19/02/2005 20:13 9344]

R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [12/02/2005 16:56 77056]

R2 BsUDF;InCD UDF Driver;c:\windows\system32\drivers\bsudf.sys [19/02/2005 20:13 448640]

S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [14/06/2010 17:34 136176]

S3 fbxusb;Carte réseau virtuelle FreeBox USB;c:\windows\system32\drivers\fbxusb32.sys [07/01/2006 19:14 21344]

S3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\PavSRK.sys --> c:\windows\system32\PavSRK.sys [?]

S3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contenu du dossier 'Tâches planifiées'

 

2010-11-06 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 15:57]

 

2010-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-14 16:33]

 

2010-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-14 16:33]

.

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://www.cherche.us

uSearchMigratedDefaultURL = hxxp://www.cherche.us/Result.php?cx=partner-pub-0420647136319153%3A5n6ugpjrdrh&cof=GIMP%3ACCCCCC%3BT%3A000000%3BALC%3A551a8b%3BGFNT%3AB7B7B7%3BLC%3A2200cc%3BBGC%3AFFFFFF%3BVLC%3A551a8b%3BGALT%3A008B45%3BFORID%3A10%3BDIV%3A%23FFFFF0%3B&q={searchTerms}

uDefault_Search_URL = hxxp://www.cherche.us/keyword/

uSearchURL,(Default) = hxxp://www.cherche.us/keyword/%s

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

IE: Recherche avec cherche.us - c:\documents and settings\Natasha\scriptjava.html

Trusted Zone: chat-land.org

Trusted Zone: secuser.com\www

DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - hxxp://activex.camfrogweb.com/advanced/2.0.2.20/cfweb_activex.camfrogweb.com-advanced-2.0.2.20_instmodule.exe

DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.zebulon.fr/scan8/oscan8.cab

DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} - hxxp://copainsdavant.linternaute.com/framework/lib/objimageuploader/html_include/5.0.15.0/ImageUploader5.cab

DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} - hxxp://www.bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe

FF - ProfilePath - c:\documents and settings\Natasha\Application Data\Mozilla\Firefox\Profiles\q4qt8t4l.Utilisateur par défaut\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr

FF - prefs.js: keyword.URL - hxxp://www.cherche.us/Result.php?cx=partner-pub-0420647136319153%3A5n6ugpjrdrh&cof=GIMP%3ACCCCCC%3BT%3A000000%3BALC%3A551a8b%3BGFNT%3AB7B7B7%3BLC%3A2200cc%3BBGC%3AFFFFFF%3BVLC%3A551a8b%3BGALT%3A008B45%3BFORID%3A10%3BDIV%3A%23FFFFF0%3B&q=

FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll

FF - plugin: c:\documents and settings\Natasha\Application Data\Facebook\npfbplugin_1_0_3.dll

FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava11.dll

FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava12.dll

FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava13.dll

FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava14.dll

FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava32.dll

FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJPI150_09.dll

FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPOJI610.dll

FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- PARAMETRES FIREFOX ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

.

- - - - ORPHELINS SUPPRIMES - - - -

 

HKCU-Run-LanceurEasyBox - c:\program files\EasyBox\EasyBox.exe

SafeBoot-klmdb.sys

MSConfigStartUp-googletalk - c:\program files\Google\Google Talk\googletalk.exe

MSConfigStartUp-LogitechVideoRepair - c:\program files\Logitech\Video\ISStart.exe

MSConfigStartUp-SMSystemAnalyzer - c:\program files\iolo\System Mechanic 7\SMSystemAnalyzer.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2010-11-07 16:13

Windows 5.1.2600 Service Pack 3 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

AudioDeck = c:\program files\VIA\VIAudioi\SBADeck\ADeck.exe 1????????????????????????????????????????????????

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

.

--------------------- DLLs chargées dans les processus actifs ---------------------

 

- - - - - - - > 'winlogon.exe'(684)

c:\windows\SYSTEM32\Ati2evxx.dll

.

Heure de fin: 2010-11-07 16:16:04

ComboFix-quarantined-files.txt 2010-11-07 15:15

 

Avant-CF: 782 860 288 octets libres

Après-CF: 828 358 656 octets libres

 

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /fastdetect /NoExecute=OptIn

 

- - End Of File - - DAF8EF83ADD40D90A0E78716F274FE80

[Nick67]

Les symptômes ont apparemment disparus,

par contre je peux plus lancer avast ! failed to load language DLL

dois je mettre un autre antivirus ? que me conseilles tu ?

 

merci

[Florinator]

Ok, Avast! a dû ramasser un peu je pense, c'est pas grave.

Désinstalle le complètement (Tuto désinstallation si besoin), pour ma part j'utilises Antivir.

 

• 
   
  
• Téléchargement: http://dlce.antivir.com/package/wks_avira/win32/fr/pecl/avira_antivir_personal_fr.exe
  
• Tuto d'installation: Tuto Antivir 9 français - libellules.ch
  

(Le tuto concerne la version 9, mais elle est identique à la version 10)

 

 

Scan complètement ton pc avec l'antivirus une fois installé et mis à jour, poste moi le rapport.

 

A++

[Nick67]

impossible de supprimer avast depuis le panneau de config

dois je l'effacer en bourrin en supprimant les fichiers manuellement ?